Inside SnipBot: The Latest RomCom Malware Variant

SUMMARY :

A novel version of the RomCom malware family called SnipBot has been discovered, revealing post-infection activity from attackers on victim systems. This new strain employs new tricks and unique code obfuscation methods beyond those seen in previous RomCom versions. The infection chain begins with a downloader disguised as a PDF, followed by multiple stages including DLLs injected into explorer.exe. SnipBot provides backdoor capabilities allowing command execution, file exfiltration, and additional payload downloads. Analysis of attacker post-infection activity shows attempts to gather network information, exfiltrate files, and explore Active Directory. The malware authors appear experienced but not elite, with some minor code flaws present. SnipBot has evolved from earlier RomCom versions, with samples dating back to December 2023.

OPENCTI LABELS :

romcom,snipbot


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Inside SnipBot: The Latest RomCom Malware Variant