Overview

WhiteSnake was developed in Python.

MalwareBazaar Intelligence Data

Hash Samples (First 50)

SHA256 MD5 First Seen Type Size
f7b02278a2310a2657dc... a338043c6b5260df... 2023-05-23 exe 501.760
3045204d9a96a343d859... 1876889de0ce1535... 2023-05-23 exe 1.053.696
c219beaecc91df926557... a65e9165a47ed2cd... 2023-05-22 exe 501.760
446278b00e672276ebd7... aec814bf30dd191b... 2023-05-08 exe 352.256

IOC Summary

  • This analysis covers 4 unique WhiteSnake samples.
  • A total of 8 hash IOCs were recorded.
  • Campaign activity: detected between 2023-05-08 and 2023-05-23.

WhiteSnake — Malware Profile

WhiteSnake was developed in Python.

Malware Type: Infostealer
Programming Language: Python
C2 Protocol: HTTP
Target Systems: Windows

Technical Details

C#/.NET, HTTP/gRPC C2 support, browser stealer, crypto wallet scraper, Telegram/Discord token stealer, Exodus/Atomic wallet stealer, clipboard hijacker, anti-VM

Capabilities & Behavior

Browser Credentials
Cookie Theft
Crypto Wallet Theft
System Information
Screenshot
FTP/SSH Client Passwords
E-mail Client Theft
Data Exfiltration

IOC List (16 indicators)

IOC — WhiteSnake

C2 Servers (2 recorded servers for this family)

Address Type Port Protocol Status Country
193.233.134.74 ip 8080 HTTP inactive RU
185.220.101.46 ip 80 HTTP sinkholed DE

C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.

Tags
bulkioc malwarebazaar infostealer whitesnake