Tag: formbook

6 Attack Reports | 0 Vulnerabilities

Attack reports

Uncovering .NET Malware Obfuscated by Encryption and Virtualization

This article examines advanced obfuscation techniques used in popular malware families like Agent Tesla, XWorm, and FormBook/XLoader. The techniques include code virtualization, staged payload delivery, dynamic code loading, AES encryption, and multi-stage payloads. The malware uses a three-stage p…
obfuscation
xworm
encryption
.net
formbook
agent tesla
sandbox evasion
xloader
2025-03-03
virtualization
static analysis
Published: March 3, 2025
Downloadable IOCs: 11

Technical Analysis of Xloader Versions 6 and 7 P2

The latest versions of the Xloader malware, known as Formbook, use advanced obfuscation techniques to mask critical parts of its code and data, as part of a two-part technical analysis.
c2 server
formbook
base64
xloader
2025-02-14
c2 traffic
dword xor
dwords
decoy c2
pushdo
Published: February 14, 2025
Downloadable IOCs: 261

Technical Analysis of Xloader Versions 6 and 7

This analysis examines the latest versions of Xloader malware, focusing on its advanced obfuscation techniques. Xloader, successor to Formbook, is an information stealer targeting browsers, email clients, and FTP applications. The malware employs complex encryption layers to protect critical code a…
obfuscation
encryption
formbook
information stealer
process injection
xloader
2025-01-28
api resolution
ntdll hook evasion
Published: January 28, 2025
Downloadable IOCs: 261

End-of-Year PTO: Days Off and Data Exfiltration with Formbook

A phishing campaign disguised as an end-of-year leave approval notice has been intercepted by the Cofense Phishing Defense Center. The malicious email, masquerading as HR communication, tricks recipients into clicking a link that leads to the deployment of FormBook malware. The email contains red f…
phishing
autoit
credential harvesting
formbook
keylogging
data exfiltration
process injection
2024-12-06
holiday-themed
Published: December 6, 2024
Downloadable IOCs: 0

CVE-2024-38213: From Crumbs to Full Compromise in a Stealthy Cyber Attack

A targeted email campaign exploiting CVE-2024-38213 has been uncovered, disguised as communication related to the Gas Infrastructure Europe Annual Conference in Munich. The attack bypasses standard security protocols to deploy LummaStealer malware, stealing sensitive data. The vulnerability, known …
xworm
phishing
asyncrat
venomrat
formbook
CVE-2024-38213
2024-11-08
copy2pwn
darkgate rat
lummastealer
Published: November 8, 2024
Downloadable IOCs: 0

Files with TXZ extension used as malspam attachments

A recent report describes a malspam campaign distributing malware payloads in attachments with TXZ file extensions. The attachments were RAR archives with renamed extensions, likely attempting to exploit native TXZ support in Windows 11. Two campaigns distributed the payloads, one with GuLoader mal…
malspam
2024-05-28
formbook
guloader
Published: May 28, 2024
Downloadable IOCs: 2
Click here to see more Attack Reports