Our research team has identified a campaign in the wild serving the Formbook stealer. Based on the email content and sender, it appears to target the UK. Below is a screenshot of the email body.
- Email attachment – Scan 1722020 pdf.zip
- Hash – e5eb58f54fa93643b576611712afcf27
- Zipped exe – Scan 1722020 pdf.exe (Any.Run)
- Hash – 2c30459f114032b16470666e7010e770
Infection Flow
GET/POST requests (URL – IP):
- hxxp://www.pabloms.com/wtm/ – 54.36.201.100
- hxxp://www.briartekinternal.com/wtm – 192.0.78.25
- hxxp://www.nwrefacing.com/wtm/ – 50.63.202.47
- hxxp://www.nacemo.com/wtm/ – 63.250.33.106
- hxxp://www.dinezonekuwait.com/wtm/ – 216.239.34.21
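As an added detection example (not code from the original post), the Python below refangs the indicators listed above and matches them against proxy log lines by host and path, and separately by destination IP. The log format and the sample log lines are constructed assumptions.

```python
import re
# Indicators copied from the post above, kept defanged (hxxp) as published.
RAW_IOCS = [
    ("hxxp://www.pabloms.com/wtm/", "54.36.201.100"),
    ("hxxp://www.briartekinternal.com/wtm", "192.0.78.25"),
    ("hxxp://www.nwrefacing.com/wtm/", "50.63.202.47"),
    ("hxxp://www.nacemo.com/wtm/", "63.250.33.106"),
    ("hxxp://www.dinezonekuwait.com/wtm/", "216.239.34.21"),
]
# Accepts both live (http) and defanged (hxxp) URLs; query string is dropped.
URL_RE = re.compile(r"^h(?:tt|xx)ps?://([^/?]+)([^?]*)", re.IGNORECASE)

def split_host_path(url):
    """Return (host, path): host lowercased, trailing slash stripped."""
    m = URL_RE.match(url)
    return (m.group(1).lower(), m.group(2).rstrip("/") or "/") if m else (None, None)

def build_indicators(raw=RAW_IOCS):
    """Index IOCs as {host: path} plus the set of destination IPs."""
    return dict(split_host_path(url) for url, _ in raw), {ip for _, ip in raw}

# Constructed sample proxy log: "<epoch> <client> <method> <url> <dst_ip>".
SAMPLE_LOG = """\
1609459200.123 10.0.0.5 POST http://www.pabloms.com/wtm/ 54.36.201.100
1609459201.456 10.0.0.7 GET http://www.example.org/index.html 93.184.216.34
1609459202.789 10.0.0.9 GET http://www.nwrefacing.com/wtm/?id=1 50.63.202.47
1609459203.000 10.0.0.9 GET http://203.0.113.9/wtm/ 216.239.34.21
"""
LOG_RE = re.compile(r"^\S+ (\S+) (GET|POST) (\S+) (\S+)$")

def scan_log(text, raw=RAW_IOCS):
    """Return (client, method, url, reason) per line hitting an IOC. Host+path
    hits are strong; IP-only hits are weaker (shared hosting, moving infra)."""
    hosts, ips = build_indicators(raw)
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, url, dst_ip = m.groups()
        host, path = split_host_path(url)
        reasons = []
        if host and hosts.get(host) == path:
            reasons.append("known C2 URL")
        if dst_ip in ips:
            reasons.append("known C2 IP")
        if reasons:
            hits.append((client, method, url, ", ".join(reasons)))
    return hits
```

Treat an IP-only hit as a lead to triage rather than a verdict: the listed addresses may be shared web hosts, and the host plus path match is the stronger signal.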