Today > | 7 High | 22 Medium | 6 Low vulnerabilities   -   You can now download lists of IOCs here!

Scaly Wolf’s new loader: the right tool for the wrong job

May 2, 2024, 3:17 p.m.

Description

The report analyzes a recent campaign by the Scaly Wolf threat group targeting organizations in Russia and Belarus. The group employs phishing emails disguised as communications from government agencies, containing legitimate documents and password-protected archives with malicious executables. The executable is a loader that injects the White Snake stealer malware into the explorer.exe process, evading detection through anti-virtualization checks and kernel calls instead of WinAPI. The White Snake malware harvests credentials and sensitive data from compromised systems.

Date

Published: May 2, 2024, 2:48 p.m.

Created: May 2, 2024, 2:48 p.m.

Modified: May 2, 2024, 3:17 p.m.

Indicators

cbabd91fb0c1c83867f71e8df19c131ac6fb3b3f3f74765bc24924cb9d51ad41

93948c7fb89059e1f63af04feef0a0834b65b18ffaf6610b419adbc0e271e23d

10330fcc378db73346501b2a26d2c749f51cacd962b54c62aa017dd9c1ed77c3

66.42.56.128

64.227.21.98

45.61.136.52

45.61.136.13

23.248.176.37

23.224.102.6

216.250.190.139

212.6.44.53

206.189.109.146

193.142.58.127

192.99.196.191

185.217.98.121

185.119.118.59

164.90.185.9

154.26.128.6

149.88.44.159

144.126.132.141

116.202.101.219

107.161.20.142

104.248.208.221

Attack Patterns

White Snake

Scaly Wolf

T1559.001

T1003.001

T1036.004

T1053.005

T1497.001

T1012

T1497

T1005

T1566.001

T1055

Additional Informations

Belarus

Russian Federation