win.whitesnake

WhiteSnake Stealer


WhiteSnake Stealer, discovered in February 2022, is a sophisticated .NET data-stealing malware that targets browsers, applications, and crypto wallets.

The builder can produce payloads in different file formats such as EXE, SCR, COM, CMD, BAT, VBS, PIF, WSF, HTA, MSI, PY, DOC, DOCM, XLS, XLL, and XLSM. Some of these (Python, bash) allow the malware to run on Linux systems.

The stealer has two execution methods:

* Non-resident - the stealer auto-deletes itself after successful execution
* Resident - the stealer beacons out to the C2 (possibly in the Tor network)

WhiteSnake Stealer can gather system information, execute remote commands, spread through USB drives, and perform tasks like keylogging, file management, and webcam access.

References
* 2024-03-11, Dr.Web (Dr.Web): Study of a targeted attack on a Russian enterprise in the mechanical-engineering sector
* 2023-09-07, abuse.ch (abuse.ch): WhiteSnake Stealer malware sample on MalwareBazaar
* 2023-08-01, Infinitum IT (Kerime Gencay): White Snake Stealer Analysis Report (Paywall)
* 2023-07-04, Russian Panda Research Blog (RussianPanda): Unleashing the Viper: A Technical Analysis of WhiteSnake Stealer

There is no Yara-Signature yet.