Inside SnipBot: the latest RomCom malware variant

Intel Name: Inside SnipBot: the latest RomCom malware variant

Date of Scan: September 24, 2024

Impact: High

Summary:
We’ve uncovered a new variant of the RomCom malware family, named SnipBot, and for the first time observed the operators’ post-infection activity on victim systems. This strain combines new obfuscation techniques with methods seen in earlier versions, RomCom 3.0 and PEAPOD (RomCom 4.0). In early April 2024, our Advanced WildFire sandbox flagged a suspicious DLL that we later tied to the SnipBot toolkit. By analyzing the malware and correlating it with Cortex XDR telemetry, we reconstructed the full infection chain and the attacker’s hands-on actions after initial compromise.
