WhiteSnake Stealer Delivered In A Multi-Stage Phishing Campaign
A recent multi-staged phishing campaign disguised as tax invoices dropped the WhiteSnake malware on unsuspecting recipient machines. The initial stage employed a Windows batch script that deployed a PowerShell dropper which further decrypts and executes two payloads. The payloads included an AMSI bypass and the WhiteSnake loader which then decrypted and ran the WhiteSnake stealer malware. Once executed the stealer can detect sandbox environments setting persistence through task scheduling and various exfiltration techniques including Telegram and attacker controlled C2 servers. Other features include keylogging webcam and audio recording as well as cryptojacking.