Scaly Wolf’s new loader: the right tool for the wrong job
released on 2024-05-02 @ 02:48:51 PM
The report analyzes a recent campaign by the Scaly Wolf threat group targeting organizations in Russia and Belarus. The group employs phishing emails disguised as communications from government agencies, containing legitimate documents and password-protected archives with malicious executables. The executable is a loader that injects the White Snake stealer malware into the explorer.exe process, evading detection through anti-virtualization checks and kernel calls instead of WinAPI. The White Snake malware harvests credentials and sensitive data from compromised systems.