WhiteSnake Stealer Delivered In A Multi-Stage Phishing Campaign

A recent multi-stage phishing campaign disguised as tax invoices dropped the WhiteSnake malware on unsuspecting recipients' machines. The initial stage employed a Windows batch script that deployed a PowerShell dropper, which in turn decrypted and executed two payloads: an AMSI bypass and the WhiteSnake loader, which then decrypted and ran the WhiteSnake stealer. Once executed, the stealer can detect sandbox environments, establish persistence through task scheduling, and exfiltrate data through various channels, including Telegram and attacker-controlled C2 servers. Other features include keylogging, webcam and audio recording, and cryptojacking.