家族描述:
FormBook是一个数据窃取者,但还不是一个成熟的银行恶意软件。它目前没有任何扩展或插件。其功能包括: •键记录 •剪贴板监控 •获取HTTP/HTTPS/SPDY/HTTP2表单和网络请求 •从浏览器和电子邮件客户端获取密码 •屏幕截图 FormBook可以从C2服务器接收以下远程命令: •更新主机系统上的bot •下载并执行文件 •从主机系统中删除bot •通过ShellExecute启动命令 •清除浏览器cookies •重启系统 •关闭系统 •收集密码并创建屏幕截图 •下载并解压缩ZIP存档。
参考链接:
https://www.fireeye.com/blog/threat-research/2017/10/formbook-malware-distribution-campaigns.html
http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/
https://www.peerlyst.com/posts/how-to-understand-formbook-a-new-malware-as-a-service-sudhendu
http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html
https://www.arbornetworks.com/blog/asert/formidable-formbook-form-grabber/
https://thisissecurity.stormshield.com/2018/03/29/in-depth-formbook-malware-analysis-obfuscation-and-process-injection/
http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html
https://www.virusbulletin.com/virusbulletin/2019/01/vb2018-paper-inside-formbook-infostealer/
https://www.botconf.eu/wp-content/uploads/2018/12/2018-R-Jullian-In-depth-Formbook-Malware-Analysis.pdf
https://www.peerlyst.com/posts/how-to-analyse-formbook-a-new-malware-as-a-service-sudhendu?
trk=explore_page_resources_recent
https://blog.talosintelligence.com/2018/06/my-little-formbook.html
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook
https://otx.alienvault.com/browse/pulses?q=tag:FormBook
