Scaly Wolf’s new loader: the right tool for the wrong job
Essential information
- Published: 02/05/2024 14:48
- Modified: 02/05/2024 15:17
- Tags: infostealer, phishing, white snake, winapi
- Related entities: 23 observables, 1 intrusion set (APT), 10 techniques (MITRE), 1 malware, 2 others
Description
The report analyzes a recent campaign by the Scaly Wolf threat group against organizations in Russia and Belarus. The group sends phishing emails disguised as communications from government agencies; each carries a legitimate document together with a password-protected archive holding a malicious executable. That executable is a loader which injects the White Snake stealer into the explorer.exe process. To evade detection it runs anti-virtualization checks and issues direct system calls instead of going through the documented WinAPI functions, which sidesteps the user-mode hooks security products place on those functions. Once running, White Snake harvests credentials and other sensitive data from the compromised system.
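The injection step is the part of this chain a defender can most readily catch on the endpoint: a process launched from a freshly extracted attachment opens explorer.exe with write-and-thread rights and then starts a remote thread in it. The following is an added example, not code from the report, showing that logic run over Sysmon-style ProcessAccess (Event ID 10) and CreateRemoteThread (Event ID 8) events. The events, the file paths and the list of benign source processes are constructed assumptions for the example and should be tuned to the estate being monitored.

```python
"""Flag remote-thread injection into explorer.exe in Sysmon-style events.

Added example, not code from the report. Events are dicts carrying the
Sysmon field names; the sample events below are constructed, not observed.
"""
import ntpath
from typing import Dict, List, Tuple

# Access rights an injector needs on the target process (winnt.h values).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Directories a freshly extracted mail attachment typically runs from
# (assumption: extend with whatever archive tools in use create as temp dirs).
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\desktop\\")

# Source images that legitimately open or thread into explorer.exe
# (assumption; build this list from a baseline of the monitored hosts).
BENIGN_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\lsass.exe",
}


def is_user_writable(path: str) -> bool:
    """True if the image path sits in a user-writable location."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def score_event(ev: Dict[str, str]) -> List[str]:
    """Return the reasons an event looks like injection into explorer.exe.

    An empty list means the event is not interesting.
    """
    reasons: List[str] = []
    target = ev.get("TargetImage", "")
    source = ev.get("SourceImage", "")
    if ntpath.basename(target).lower() != "explorer.exe":
        return reasons
    if source.lower() in BENIGN_SOURCES:
        return reasons

    event_id = ev.get("EventID")
    if event_id == 10:
        # Sysmon writes GrantedAccess as a hex string, e.g. "0x43A".
        granted = int(ev.get("GrantedAccess", "0x0"), 16)
        if granted & INJECT_MASK == INJECT_MASK:
            reasons.append("ProcessAccess with CREATE_THREAD|VM_OPERATION|VM_WRITE on explorer.exe")
    elif event_id == 8:
        reasons.append("CreateRemoteThread into explorer.exe")
        # An empty StartModule means the thread starts at an address that is
        # not backed by any loaded module, i.e. in freshly written memory.
        if not ev.get("StartModule"):
            reasons.append("thread start address not backed by a loaded module")

    if reasons and is_user_writable(source):
        reasons.append("source image runs from a user-writable directory")
    return reasons


def find_injections(events: List[Dict[str, str]]) -> List[Tuple[str, List[str]]]:
    """Return (source image, reasons) for every event that scores."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            hits.append((ev["SourceImage"], reasons))
    return hits


# Constructed sample events; the loader path is an assumption for illustration.
LOADER = r"C:\Users\alice\AppData\Local\Temp\extracted\document.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": EXPLORER, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": LOADER,
     "TargetImage": EXPLORER, "GrantedAccess": "0x43A"},
    {"EventID": 8, "SourceImage": LOADER, "TargetImage": EXPLORER,
     "StartAddress": "0x000001C4D2F50000", "StartModule": "", "StartFunction": ""},
    {"EventID": 10, "SourceImage": r"C:\Program Files\Vendor\tool.exe",
     "TargetImage": EXPLORER, "GrantedAccess": "0x1000"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\dllhost.exe",
     "TargetImage": r"C:\Program Files\Browser\browser.exe",
     "StartAddress": "0x00007FFB1A2B3C40",
     "StartModule": r"C:\Windows\System32\ntdll.dll", "StartFunction": "RtlUserThreadStart"},
]

if __name__ == "__main__":
    for source, reasons in find_injections(SAMPLE_EVENTS):
        print(source)
        for r in reasons:
            print("  -", r)
```

Calling NtOpenProcess, NtWriteVirtualMemory or NtCreateThreadEx directly rather than through their WinAPI wrappers defeats hooks that security products install in user mode, but it does not hide the operation from kernel-side telemetry: Sysmon's Event IDs 8 and 10 come from kernel callbacks, so they still fire for a direct-syscall loader. The anti-virtualization checks cut the other way: a sandbox detonation may never reach the injection step, so host telemetry like this, rather than sandbox verdicts, is what will show the behaviour.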