MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 278f92d704ed714c94aa4ccf397552d57e04455565cf18139ac46e6f3b30177d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Squirrelwaffle

Vendor detections: 6



SHA256 hash: 278f92d704ed714c94aa4ccf397552d57e04455565cf18139ac46e6f3b30177d
SHA3-384 hash: 78cdedef506c0ee524e5bd63945e68879531dc929a5edd93df0492bc3542fc9403f438e70e35e3b66cd3bae26d1a279a
SHA1 hash: 9d91401903a35835349521bbf578039aef934eea
MD5 hash: 1515633aa74826ddde0648e7829ea880
humanhash: echo-lamp-snake-emma
File name: 1515633aa74826ddde0648e7829ea880.dll
Signature: Squirrelwaffle
File size: 262'534 bytes
First seen: 2021-09-27 13:57:22 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 3d1983e49cfb4879bcb1c597531474e3 (2 x Squirrelwaffle)
ssdeep: 3072:CmmeuJ6jkhHVFpvq69D6UkqGFpMdsiOXdaygQ6YToG+rt:BmRJAkbFJqVvBpMZOcQ3Gt
TLSH: T13E44BF1A7AD7D071C82845B98892C5E2F679B8555F68C3833AF93F3F59B30C20D6624A
Reporter: abuse_ch
Tags: dll SQUIRRELWAFFLE

Intelligence

File Origin
# of uploads: 1
# of downloads: 159
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
DNS request
Connection attempt
Sending an HTTP POST request
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 26 / 100
Signature
Machine Learning detection for sample
Behaviour
Behavior Graph: [graph image not reproduced; Behavior Graph ID 491476, sample CtA6PM39ME.dll, start date 27/09/2021, architecture WINDOWS, score 26. Recoverable process tree: loaddll32.exe starts cmd.exe, two rundll32.exe instances and 6 other processes; cmd.exe starts rundll32.exe. Signature shown: Machine Learning detection for sample.]
Result
Malware family: squirrelwaffle
Score: 10/10
Tags: family:squirrelwaffle downloader suricata
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
squirrelwaffle
SquirrelWaffle is a simple downloader written in C++.
suricata: ET MALWARE Possible SQUIRRELWAFFLE Server Response
suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata: ET MALWARE SQUIRRELWAFFLE Server Response
Malware Config
C2 Extraction:
Unpacked files
SHA256 hash: 80c8821b5c8724f14faef28a9af3837498cebd095de179adb5092173d7f15f03
MD5 hash: 1317bbe163ec320f2a3af3b05e16d8fe
SHA1 hash: 1fc3b4cfed8fb43c50bbd9accf53b8de68886712
SHA256 hash: 278f92d704ed714c94aa4ccf397552d57e04455565cf18139ac46e6f3b30177d
MD5 hash: 1515633aa74826ddde0648e7829ea880
SHA1 hash: 9d91401903a35835349521bbf578039aef934eea
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Squirrelwaffle
File type: DLL dll
SHA256 hash: 278f92d704ed714c94aa4ccf397552d57e04455565cf18139ac46e6f3b30177d (this sample)

Delivery method
Distributed via web download

Comments