Scaly Wolf’s new loader: the right tool for the wrong job
May 2, 2024, 3:17 p.m.
Description
The report analyzes a recent campaign by the Scaly Wolf threat group targeting organizations in Russia and Belarus. The group sends phishing emails disguised as communications from government agencies; each carries a legitimate-looking document together with a password-protected archive that contains a malicious executable. That executable is a loader which injects the White Snake stealer into the explorer.exe process. It evades detection with anti-virtualization checks and by issuing system calls directly rather than through the documented WinAPI functions, which sidesteps user-mode API hooks. Once running, White Snake harvests credentials and other sensitive data from the compromised system.
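The injection step described above leaves kernel-side telemetry even when the loader bypasses user-mode hooks with direct syscalls, because Sysmon's Event ID 10 (ProcessAccess) and Event ID 8 (CreateRemoteThread) come from kernel callbacks, not from hooked APIs. The following detection logic is an added example, not code from the report or from the analysts behind it: the Event IDs and the PROCESS_* access-right constants are real Windows/Sysmon values, while the allow-list, the user-writable path heuristic and the sample events are constructed assumptions for illustration.

```python
"""Added example: flag process-injection indicators aimed at explorer.exe in
Sysmon-style events (ID 8 CreateRemoteThread, ID 10 ProcessAccess).
Sample events and the allow-list below are constructed, not from the report."""

# Windows process access rights needed for classic write-and-run injection (real constants).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Assumed, environment-specific allow-list of images that legitimately touch explorer.exe
# with these rights. Tune per estate; this is an assumption, not a vendor list.
BENIGN_SOURCES = {r"c:\windows\system32\csrss.exe"}

# Locations a phishing-delivered loader typically runs from (assumption, used for enrichment only).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\downloads\\")


def classify(event):
    """Return a reason string if the event looks like injection into explorer.exe, else None."""
    src = event["SourceImage"].lower()
    dst = event["TargetImage"].lower()
    if not dst.endswith("\\explorer.exe") or src in BENIGN_SOURCES:
        return None
    reason = None
    if event["EventID"] == 8:
        reason = "CreateRemoteThread into explorer.exe"
    elif event["EventID"] == 10:
        # Sysmon logs GrantedAccess as a hex string such as "0x1FFFFF".
        granted = int(event["GrantedAccess"], 16)
        if granted & INJECT_MASK == INJECT_MASK:
            reason = f"OpenProcess on explorer.exe with write+thread rights (0x{granted:x})"
    if reason and any(p in src for p in USER_WRITABLE):
        reason += "; source image runs from a user-writable path"
    return reason


def detect(events):
    """Run classify() over a batch and return (time, source image, reason) for every hit."""
    return [(e["UtcTime"], e["SourceImage"], r) for e in events if (r := classify(e))]


# Constructed sample: a loader from the user's Downloads folder opens explorer.exe with full
# access and then creates a remote thread in it; two benign system processes for contrast.
SAMPLE_EVENTS = [
    {"EventID": 10, "UtcTime": "2024-05-02 10:15:12.000",
     "SourceImage": r"C:\Users\user\Downloads\archive\document.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 8, "UtcTime": "2024-05-02 10:15:12.200",
     "SourceImage": r"C:\Users\user\Downloads\archive\document.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
    {"EventID": 10, "UtcTime": "2024-05-02 10:15:13.000",
     "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1000"},  # QUERY_LIMITED_INFORMATION
    {"EventID": 8, "UtcTime": "2024-05-02 10:15:14.000",
     "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

The access-mask check matters more than the raw event count: many legitimate processes open explorer.exe for query rights, so alerting on every ProcessAccess event would drown the signal. Requiring CREATE_THREAD, VM_OPERATION and VM_WRITE together, and correlating with a CreateRemoteThread event from the same source image within a few seconds, is what separates the loader's behaviour from routine shell interaction.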
Date
Published: May 2, 2024, 2:48 p.m.
Created: May 2, 2024, 2:48 p.m.
Modified: May 2, 2024, 3:17 p.m.
Indicators
cbabd91fb0c1c83867f71e8df19c131ac6fb3b3f3f74765bc24924cb9d51ad41
93948c7fb89059e1f63af04feef0a0834b65b18ffaf6610b419adbc0e271e23d
10330fcc378db73346501b2a26d2c749f51cacd962b54c62aa017dd9c1ed77c3
66.42.56.128
64.227.21.98
45.61.136.52
45.61.136.13
23.248.176.37
23.224.102.6
216.250.190.139
212.6.44.53
206.189.109.146
193.142.58.127
192.99.196.191
185.217.98.121
185.119.118.59
164.90.185.9
154.26.128.6
149.88.44.159
144.126.132.141
116.202.101.219
107.161.20.142
104.248.208.221
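The indicator list above mixes SHA-256 hashes of the samples with the campaign's IPv4 infrastructure without labelling which is which. The sweep below is an added example, not a tool from the report: it types the indicators, hashes file contents and matches proxy-style log lines on exact address tokens. The indicator text is copied from the list above; the log lines and file contents are constructed.

```python
"""Added example (not from the report): sweep files and log lines against the indicators
listed on this page. IOC_TEXT is copied from the indicators section; SAMPLE_LOG is constructed."""
import hashlib
import ipaddress
import re

IOC_TEXT = """
cbabd91fb0c1c83867f71e8df19c131ac6fb3b3f3f74765bc24924cb9d51ad41
93948c7fb89059e1f63af04feef0a0834b65b18ffaf6610b419adbc0e271e23d
10330fcc378db73346501b2a26d2c749f51cacd962b54c62aa017dd9c1ed77c3
66.42.56.128 64.227.21.98 45.61.136.52 45.61.136.13 23.248.176.37 23.224.102.6
216.250.190.139 212.6.44.53 206.189.109.146 193.142.58.127 192.99.196.191
185.217.98.121 185.119.118.59 164.90.185.9 154.26.128.6 149.88.44.159
144.126.132.141 116.202.101.219 107.161.20.142 104.248.208.221
"""

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
# Whole-token IPv4 match: the lookarounds stop "1185.217.98.121" or "185.217.98.1210" from
# being read as an indicator hit.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def parse_iocs(text):
    """Split the flat indicator list into typed sets: SHA-256 hashes and IPv4 addresses."""
    hashes, ips = set(), set()
    for tok in text.split():
        if SHA256_RE.match(tok):
            hashes.add(tok.lower())
            continue
        try:
            ips.add(str(ipaddress.IPv4Address(tok)))
        except ipaddress.AddressValueError:
            pass  # unrecognised tokens are ignored rather than guessed at
    return hashes, ips


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan_files(files, hashes):
    """files: mapping name -> bytes. Returns names whose SHA-256 is on the indicator list."""
    return sorted(name for name, data in files.items() if sha256_hex(data) in hashes)


def scan_log(lines, ips):
    """Return (line_no, ip) for each indicator address seen in a log, one entry per line and ip."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in sorted(set(IPV4_RE.findall(line))):
            if ip in ips:
                hits.append((n, ip))
    return hits


# Constructed proxy log: line 2 contacts one of the listed addresses; line 3 is a near-miss
# that a naive substring search would flag.
SAMPLE_LOG = [
    "2024-05-02T10:15:01Z WKS-042 10.0.3.17 -> 93.184.216.34:443 CONNECT example.com",
    "2024-05-02T10:15:07Z WKS-042 10.0.3.17 -> 185.217.98.121:443 CONNECT 185.217.98.121",
    "2024-05-02T10:15:09Z WKS-042 10.0.3.17 -> 1185.217.98.121:443 CONNECT junk",
]

if __name__ == "__main__":
    hashes, ips = parse_iocs(IOC_TEXT)
    print(f"{len(hashes)} hashes, {len(ips)} addresses")
    print(scan_log(SAMPLE_LOG, ips))
```

Hash matching catches only the exact samples the report analysed; a rebuilt loader with a changed byte will not match, so treat the hashes as confirmation of a known sample and the network indicators as the more durable pivot, with the usual caveat that hosting-provider addresses get reassigned and should be time-boxed to the campaign window.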
Attack Patterns
White Snake
Scaly Wolf
T1559.001 Inter-Process Communication: Component Object Model
T1003.001 OS Credential Dumping: LSASS Memory
T1036.004 Masquerading: Masquerade Task or Service
T1053.005 Scheduled Task/Job: Scheduled Task
T1497.001 Virtualization/Sandbox Evasion: System Checks
T1012 Query Registry
T1497 Virtualization/Sandbox Evasion
T1005 Data from Local System
T1566.001 Phishing: Spearphishing Attachment
T1055 Process Injection
Additional Information (targeted countries)
Belarus
Russian Federation