WhiteSnake Stealer (Malware Family)

WhiteSnake Stealer

WhiteSnake Stealer, discovered in February 2022, is a sophisticated .NET data-stealing malware that targets browsers, applications, and crypto wallets.

The builder can build payloads in different file formats such as EXE, SCR, COM, CMD, BAT, VBS, PIF, WSF, .hta, MSI, PY, DOC, DOCM, XLS, XLL, XLSM. Some of these (python, bash) allow the malware to run on Linux systems.

The stealer has two execution methods:

* Non-resident - the stealer auto-deletes itself after successful execution
* Resident - the stealer beacons out to the C2 (possibly in the TOR network)

WhiteSnake Stealer can gather system information, execute remote commands, spread through USB drives, and perform tasks like keylogging, file management, and webcam access.

References

2024-03-11 ⋅ Dr.Web ⋅ Dr.Web
Study of a targeted attack on a Russian enterprise in the mechanical-engineering sector
WhiteSnake Stealer

2023-09-07 ⋅ abuse.ch ⋅ abuse.ch
WhiteSnake Stealer malware sample on MalwareBazaar
WhiteSnake Stealer

2023-08-01 ⋅ Infinitum IT ⋅ Kerime Gencay
White Snake Stealer Analysis Report (Paywall)
WhiteSnake Stealer

2023-07-04 ⋅ Russian Panda Research Blog ⋅ RussianPanda
Unleashing the Viper : A Technical Analysis of WhiteSnake Stealer
WhiteSnake Stealer

There is no Yara-Signature yet.

WhiteSnake Stealer Propose Change

References

WhiteSnake Stealer