MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a0a88a2e5f9cafa10a48d63bdfcdf965b72c25978ab46cf28e795dbedc9624a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Squirrelwaffle

Vendor detections: 8



SHA256 hash: 2a0a88a2e5f9cafa10a48d63bdfcdf965b72c25978ab46cf28e795dbedc9624a
SHA3-384 hash: 2fa2f9c1f4c497e8cb292a037784b5520acc6a8ba6c43c5b7008c81fca6df8ef2a60accf85f11f863060a4bb6c875dab
SHA1 hash: 09a38940ef023929897fdc9c996de0b0f39116e2
MD5 hash: 803768a34f7e59b8a9a2f3969624c47e
humanhash: chicken-gee-uranus-mississippi
File name: 803768a34f7e59b8a9a2f3969624c47e.dll
Signature: Squirrelwaffle
File size: 519'145 bytes
First seen: 2021-09-27 17:41:37 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash 5097c68ca7573db2997ab353ba37473b (1 x Squirrelwaffle)
ssdeep 12288:+xyHC8LAE/azElTT4c7Bo+526Tb/jXiQle601:eb8LxazE9X7C96Tz7iA/C
Threatray 19 similar samples on MalwareBazaar
TLSH T124B47E36F390B432C1633D3CCE5BA368983D7E422A1868466AED1D489F3F7417669397
dhash icon 399998ecd4d46c0e (74 x ArkeiStealer, 7 x Hancitor, 6 x Quakbot)
Reporter @abuse_ch
Tags: dll SQUIRRELWAFFLE

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 131
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Connection attempt
Sending an HTTP POST request
Result
Threat name: CobaltStrike Metasploit Squirrelwaffle
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected CobaltStrike
Yara detected Metasploit Payload
Yara detected Squirrelwaffle
Behaviour
Threat name: Win32.Trojan.Injuke
Status: Malicious
First seen: 2021-09-27 17:42:12 UTC
AV detection: 15 of 28 (53.57%)
Threat level: 5/5
Result
Malware family: squirrelwaffle
Score: 10/10
Tags: family:squirrelwaffle downloader
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
squirrelwaffle
SquirrelWaffle is a simple downloader written in C++.
Malware Config
C2 Extraction:
acdlimited.com/2u6aW9Pfe
jornaldasoficinas.com/ZF8GKIGVDupL
orldofjain.com/lMsTA7tSYpe
altayaralsudani.net/SSUsPgb7PHgC
hoteloaktree.com/QthLWsZsVgb
aterwellnessinc.com/U7D0sswwp
sirifinco.com/Urbhq9wO50j
ordpress17.com/5WG6Z62sKWo
mohsinkhanfoundation.com/pcQLeLMbur
lendbiz.vn/xj3BhHtMbf
geosever.rs/ObHP1CHt
nuevainfotech.com/xCNyTjzkoe
dadabhoy.pk/m6rQE94U
sjgrand.lk/zvMYuQqEZj
erogholding.com/GFM1QcCFk
armordetailing.rs/lgfrZb4Re6WO
lefrenchwineclub.com/eRUGdDox
Unpacked files
SHA256 hash: 61a2d98010dfd343b8df7450a7ed498d0f91c7d6a170e86ddfd1b2b83486de59
MD5 hash: e93d470f3e96cacf8087a491ea2bb12a
SHA1 hash: 35cf553928c4e15c449f9ac7ff992fd751a48cff
SHA256 hash: 2a0a88a2e5f9cafa10a48d63bdfcdf965b72c25978ab46cf28e795dbedc9624a
MD5 hash: 803768a34f7e59b8a9a2f3969624c47e
SHA1 hash: 09a38940ef023929897fdc9c996de0b0f39116e2
Malware family: CryptOne
Verdict: Malicious

YARA Signatures
MalwareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:WHITE rules are displayed.

Rule name: Windows_Loader_SquirrelWaffle
Description: Identifies strings/byte sequence used in unpacked SquirrelWaffle loader
Rule name: win_squirrelwaffle_loader
Author: Rony (@r0ny_123)
Description: Detects unpacked squirrelwaffle loader

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Signature: Squirrelwaffle
File type: DLL
SHA256 hash: 2a0a88a2e5f9cafa10a48d63bdfcdf965b72c25978ab46cf28e795dbedc9624a (this sample)

Delivery method: Distributed via web download

Comments