Formbook Form Grabber

#30782 by puzzlex
Fri Aug 25, 2017 1:33 pm

Anyone recognizes?

Attachments

unpacked.zip

unpacked
(111.68 KiB) Downloaded 67 times

Username

puzzlex

Posts

20

Joined

Tue Oct 20, 2015 12:22 pm

Re: Help identify malware

#30783 by puzzlex
Fri Aug 25, 2017 2:40 pm

C&C 1 (not sure if there were more):

http://www.bella-bg.com/private/

Looks a nifty malware, shame they do not use SSL at this level.

Username

puzzlex

Posts

20

Joined

Tue Oct 20, 2015 12:22 pm

Re: Help identify malware

#30785 by Antelox
Sun Aug 27, 2017 8:21 am

This is FormBook form grabber.

C&C:

Code: Select all

hxxp://www.bella-bg.com/private

BR,

Antelox

@Antelox

Username

Antelox

Posts

298

Joined

Sun Mar 21, 2010 10:38 pm

Contact

Re: Help identify malware

#30788 by puzzlex
Sun Aug 27, 2017 10:12 pm

You rock! BIG THANK

Username

puzzlex

Posts

20

Joined

Tue Oct 20, 2015 12:22 pm

Re: Help identify malware

#30841 by puzzlex
Tue Sep 12, 2017 9:53 am

Control Panel:

script.zip

script.zip
(4.38 MiB) Downloaded 58 times

It is not the full panel unfortunately, config.php missing :(
Got it from: http://www.olalimpopo.com/j0g2z5t/

Username

puzzlex

Posts

20

Joined

Tue Oct 20, 2015 12:22 pm

Re: Help identify malware

#30931 by tildedennis
Sun Oct 22, 2017 10:23 pm

@moderators maybe we can rename this thread to "Formbook Form Grabber"

Couple of posts:

[*] https://www.arbornetworks.com/blog/aser ... m-grabber/
[*] https://www.fireeye.com/blog/threat-res ... aigns.html

I'm starting to see newer versions (3.2, 3.3, and 3.4) since the posts

Attachments

3.2.zip

(207.82 KiB) Downloaded 38 times

3.3.zip

(178.95 KiB) Downloaded 33 times

3.4.zip

(192.88 KiB) Downloaded 42 times

Username

tildedennis

Posts

32

Joined

Mon Jun 17, 2013 7:57 pm