Intel Name: Inside SnipBot: the latest RomCom malware variant
Date of Scan: September 24, 2024
Impact: High
Summary: We've uncovered a new variant of the RomCom malware family, named SnipBot, and for the first time were able to observe the attacker's post-infection activity on victim systems. This strain combines previously unseen obfuscation techniques with methods carried over from earlier versions, RomCom 3.0 and PEAPOD (RomCom 4.0). In early April, our Advanced WildFire sandbox flagged a suspicious DLL that turned out to be part of the SnipBot toolkit. By analyzing the malware and correlating it with Cortex XDR telemetry, we reconstructed the infection chain and the attacker's hands-on actions after initial compromise.