win.formbook (Back to overview)

Formbook

URLhaus    

FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.

References
https://www.fireeye.com/blog/threat-research/2017/10/formbook-malware-distribution-campaigns.html
http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/
https://www.peerlyst.com/posts/how-to-understand-formbook-a-new-malware-as-a-service-sudhendu?
http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html
https://www.arbornetworks.com/blog/asert/formidable-formbook-form-grabber/
https://thisissecurity.stormshield.com/2018/03/29/in-depth-formbook-malware-analysis-obfuscation-and-process-injection/
https://www.virusbulletin.com/virusbulletin/2019/01/vb2018-paper-inside-formbook-infostealer/
http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html
https://www.botconf.eu/wp-content/uploads/2018/12/2018-R-Jullian-In-depth-Formbook-Malware-Analysis.pdf
https://www.peerlyst.com/posts/how-to-analyse-formbook-a-new-malware-as-a-service-sudhendu?trk=explore_page_resources_recent
https://blog.talosintelligence.com/2018/06/my-little-formbook.html