Overview
WhiteSnake was developed in Python.
MalwareBazaar Intelligence Data
Hash Samples (First 50)
| SHA256 | MD5 | First Seen | Type | Size |
|---|---|---|---|---|
| f7b02278a2310a2657dc... | a338043c6b5260df... | 2023-05-23 | exe | 501.760 |
| 3045204d9a96a343d859... | 1876889de0ce1535... | 2023-05-23 | exe | 1.053.696 |
| c219beaecc91df926557... | a65e9165a47ed2cd... | 2023-05-22 | exe | 501.760 |
| 446278b00e672276ebd7... | aec814bf30dd191b... | 2023-05-08 | exe | 352.256 |
IOC Summary
- This analysis covers 4 unique WhiteSnake samples.
- A total of 8 hash IOCs were recorded.
- Campaign activity: detected between 2023-05-08 and 2023-05-23.
WhiteSnake — Malware Profile
WhiteSnake was developed in Python.
Malware Type
Infostealer
Programming Language
Python
C2 Protocol
HTTP
Target Systems
Windows
Technical Details
C#/.NET, HTTP/gRPC C2 support, browser stealer, crypto wallet scraper, Telegram/Discord token stealer, Exodus/Atomic wallet stealer, clipboard hijacker, anti-VM
Capabilities & Behavior
Browser Credentials
Cookie Theft
Crypto Wallet Theft
System Information
Screenshot
FTP/SSH Client Passwords
Email Client Theft
Data Exfiltration
IOC List (16 indicators)
IOC — WhiteSnake
C2 Servers (2 recorded servers for this family)
| Address | Type | Port | Protocol | Status | Country |
|---|---|---|---|---|---|
| 193.233.134.74 | ip | 8080 | HTTP | inactive | RU |
| 185.220.101.46 | ip | 80 | HTTP | sinkholed | DE |
C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.