MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3026fb99476bfb40357573b15fc63c0c63b1e9bd99f8266e91da21b80fe903cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Squirrelwaffle

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	3026fb99476bfb40357573b15fc63c0c63b1e9bd99f8266e91da21b80fe903cf
SHA3-384 hash:	f15e51821ed9bc9536dac7877a41104cc4e4eb808aed1743287c97f9039395ae59276babf523f5a380a1640e7e2a032f
SHA1 hash:	4ad69a31a65172cdcaa6e3ea1afad7b4e30b88d9
MD5 hash:	69c9b5e0c3e6346f468ed148fc318529
humanhash:	twenty-comet-pip-wisconsin
File name:	test.test
Download:	download sample
Signature	Squirrelwaffle Create hunting rule
File size:	255'133 bytes
First seen:	2021-09-20 11:44:54 UTC
Last seen:	2021-09-20 13:01:16 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	ae58eccde50cf13d31ec71d58a5eb86c (1 x Squirrelwaffle)
ssdeep	3072:x4F3joUMzh1nR9SSvAnmbkym+3j0SuS9fy8fL+g1Eh4dLB5I0cGFiY8QqC2:VhI4A9C9yZJpOixQq
Threatray	13 similar samples on MalwareBazaar
TLSH	T1A2446F7DBAEEE1B6E5814578207A3EF157F60D30D8006461ED8CFDE82570DE2ABA0617
File icon (PE):
dhash icon	10808a8c8c8a8010 (77 x Formbook, 51 x AgentTesla, 44 x RemcosRAT)
Reporter	ffforward
Tags:	dll SQUIRRELWAFFLE test tr

Intelligence

File Origin

# of uploads :

2

# of downloads :

180

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/189418/

Detection(s):

SecuriteInfo.com.UDS.Trojan.Win32.Agentb.a.24708.5048.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/113659d3-5eee-4a72-9428-aa0137dd167e

Result

Threat name:

Squirrelwaffle

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/854013

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

System process connects to network (likely due to code injection or exploit)

Yara detected Squirrelwaffle

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3026fb99476bfb40357573b15fc63c0c63b1e9bd99f8266e91da21b80fe903cf/

Threat name:

Win32.Infostealer.Aicat

Status:

Malicious

First seen:

2021-09-20 11:45:12 UTC

AV detection:

21 of 45 (46.67%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

00d045c89934c776a70318a36655dcdd77e1fedae0d33c98e301723f323f234c

0cf7c00b406b33ae2af9068885a9d3c1ba3993f3878aa06e052c3b0249a42d81

354f9844193171392a16a1a2262712d17638925f16aed9e9827f11e368e0fa05

4f68558fb7a921b837926ca4e87fecba073f551a44c88109453a1a8099d003b6

5ee98ae0d927e1471de002517a1d09e8065064e83a87616762a988e47505b0fa

8308975ce3092d911742cc0d5b83f17c04a7673fb50d00580429388b7aa0bd27

85d0b72fe822fd6c22827b4da1917d2c1f2d9faa838e003e78e533384ea80939

8c9fffe15dfde4a07bbedb2454fa34c413534eb7b3143e90d004a0b406a1914d

e10d8b2c6343432a4384928f91b398c9223a0155385ba1405192c614c6e1cf83

ff44d683718a65333d448a513cb65905a41c526df81a75cdfb71f5335ea5d811

+ 3 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/210920-nwry4sgegk/

Behaviour

Suspicious use of WriteProcessMemory

Blocklisted process makes network request

Unpacked files

SH256 hash:

97539064d2044fd3992a628ad1ae3616ff11121e45d71441509f54c4fc07b552

MD5 hash:

237d35334838795d556c1ec37807f30c

SHA1 hash:

834b3f4beafa31f14e9c192646239cfa7bf88d06

Link:

https://www.unpac.me/results/0b3901cc-0ee1-4fa8-82a1-209285d8d18f/

SH256 hash:

3026fb99476bfb40357573b15fc63c0c63b1e9bd99f8266e91da21b80fe903cf

MD5 hash:

69c9b5e0c3e6346f468ed148fc318529

SHA1 hash:

4ad69a31a65172cdcaa6e3ea1afad7b4e30b88d9

Link:

https://www.unpac.me/results/0b3901cc-0ee1-4fa8-82a1-209285d8d18f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3026fb99476bfb40357573b15fc63c0c63b1e9bd99f8266e91da21b80fe903cf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 3026fb99476bfb40357573b15fc63c0c63b1e9bd99f8266e91da21b80fe903cf

(this sample)

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/189418/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample