Formbook Form Grabber

puzzlex
Posts: 20
Joined: Tue Oct 20, 2015 12:22 pm

Formbook Form Grabber

Post by puzzlex » Fri Aug 25, 2017 1:33 pm

Anyone recognize this?

puzzlex
Posts: 20
Joined: Tue Oct 20, 2015 12:22 pm

Re: Help identify malware

Post by puzzlex » Fri Aug 25, 2017 2:40 pm

C&C 1 (not sure if there were more):

http://www.bella-bg.com/private/

Looks like a nifty malware, shame they do not use SSL at this level.

Antelox
Posts: 178
Joined: Sun Mar 21, 2010 10:38 pm

Re: Help identify malware

Post by Antelox » Sun Aug 27, 2017 8:21 am

This is FormBook form grabber.

C&C:


hxxp://www.bella-bg.com/private

BR,

Antelox

puzzlex
Posts: 20
Joined: Tue Oct 20, 2015 12:22 pm

Re: Help identify malware

Post by puzzlex » Sun Aug 27, 2017 10:12 pm

You rock! BIG THANKS

puzzlex
Posts: 20
Joined: Tue Oct 20, 2015 12:22 pm

Re: Help identify malware

Post by puzzlex » Tue Sep 12, 2017 9:53 am

Control Panel:
script.zip
It is not the full panel unfortunately, config.php is missing :(
Got it from: http://www.olalimpopo.com/j0g2z5t/

tildedennis
Posts: 32
Joined: Mon Jun 17, 2013 7:57 pm

Re: Help identify malware

Post by tildedennis » Sun Oct 22, 2017 10:23 pm

@moderators maybe we can rename this thread to "Formbook Form Grabber"

Couple of posts:

* https://www.arbornetworks.com/blog/aser ... m-grabber/
* https://www.fireeye.com/blog/threat-res ... aigns.html

I'm starting to see newer versions (3.2, 3.3, and 3.4) since the posts
