Trusted Design

The Formidable FormBook Form Grabber

概要

More and more we’ve been seeing references to a malware family known as FormBook. Per its advertisements it is an infostealer that steals form data from various web browsers and other applications. It is also a keylogger and can take screenshots. The malware code is complicated, busy, and fairly obfuscated–there are no Windows API calls or obvious strings. This post will start to explore some of these obfuscations to get a better understanding of how FormBook works.

Created: 2026-02-23

Indicators

• FileHash-SHA256 - c2bbec7eb5efc46c21d5950bb625c02ee96f565d2b8202733e784e6210679db9 -
• FileHash-MD5 - 653922d5e914eb7e6d906a083d930e29 -
• FileHash-MD5 - 799c9ac9681548153f8b04dc3d8ffa70 -
• FileHash-SHA1 - 9a5c7cbf8b80b98afaf02e79987e678781d73d24 -
• URL - http://www.wowtracking.info/list/hx47/ -
• FileHash-SHA1 - 3969410b8ef70a8a510ca0151476c9190d3a8578 -
• FileHash-SHA256 - 0e2678f5d0173246c464a42aced9a6f5494e9f2619257ba7e468834e8708b726 -
• URL - http://www.bella-bg.com/private/ -
• FileHash-MD5 - 2ce2127042543e0d0ed7ecaec7709cfb -
• URL - http://www.allixannes.info/dr/ -
• FileHash-SHA1 - 2eca7643ef603dda09958a11060320540e2cc6ac -
• FileHash-SHA256 - d90d9e829656cb0b5dfb76faad37b35c6b5383763bd29a3d73c65311ab31dac5 -

類似Pulses

• Formbook malware used to install JRAT and HawkEye Keylogger (score: 0.69)
• New Banking Trojan Fobber, a new variant of Tinba (score: 0.55)
• Bookworm Trojan: A Model of Modular Architecture (score: 0.54)
• Stegoloader: A Stealthy Information Stealer (score: 0.53)
• Malicious Office files dropping Kasidet and Dridex (score: 0.52)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る