MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4545b601c6d8a636dce6597da6443dce45d11b48fcf668336bcdf12ffdc3e97e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Squirrelwaffle

Vendor detections: 7

SHA256 hash: 4545b601c6d8a636dce6597da6443dce45d11b48fcf668336bcdf12ffdc3e97e
SHA3-384 hash: f9871c0365b3b96b2ce25c9525fe73df0afef0d933cdd3a829bd27a012e170fbe5d36641f4d30693f120bff6273ffa03
SHA1 hash: bcdfd82522a0a45af4e4064c7f509b29b8ea83ed
MD5 hash: 539e0a32348f112da72bb7868fd5cfac
humanhash: echo-avocado-music-speaker
File name: test.test
Signature: Squirrelwaffle
File size: 227'945 bytes
First seen: 2021-09-23 19:20:58 UTC
Last seen: 2021-09-23 20:01:17 UTC
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: e4f20dcaf127d11fc6a902b3f45a641d (1 x Squirrelwaffle)
ssdeep: 1536:ZXAlLBLNjw1dAoHq8pePOOzPSb/cntzPp9QqGxuFlzXUb9KqJiyrTUIysD//ReCv:BAlLzjl86uSPp9cxvCj
Threatray: 7 similar samples on MalwareBazaar
TLSH: T131244CE5BC4D4C63FCD435318693AD6CA91C3BC3B02C328F729EB4586577E8A8986E50
dhash icon: 88a8a08c8c8ea8a8 (5 x Squirrelwaffle, 4 x Formbook, 3 x ArkeiStealer)
Reporter: ffforward
Tags: dll SQUIRRELWAFFLE test tr

Intelligence

File Origin
# of uploads: 2
# of downloads: 203
Origin country: n/a

Vendor Threat Intelligence
Malware family: Generic Malware
Verdict: Malicious

Result
Threat name: Squirrelwaffle
Detection: malicious
Classification: troj.evad
Score: 68 / 100
Signature:
Machine Learning detection for sample
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected Squirrelwaffle
Threat name: Win32.Trojan.Squirrelwaffle
Status: Suspicious
First seen: 2021-09-23 19:21:04 UTC
AV detection: 12 of 28 (42.86%)
Threat level: 5/5

Result
Malware family: squirrelwaffle
Score: 10/10
Tags: family:squirrelwaffle downloader suricata
Behaviour:
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
squirrelwaffle
SquirrelWaffle is a simple downloader written in C++.
suricata: ET MALWARE Possible SQUIRRELWAFFLE Server Response
suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata: ET MALWARE SQUIRRELWAFFLE Server Response
Malware Config
C2 Extraction:
Unpacked files
SHA256 hash: aa800329a98540b6c0d48752a3677963d6d09c6a7122976d6ef149eb88e9a854
MD5 hash: 78b4a9fa448f1a2e5c8caf0e6e0295a5
SHA1 hash: 06ac114d19b2d9487b18b2a61e5671a6b3b8aa7b

SHA256 hash: 4545b601c6d8a636dce6597da6443dce45d11b48fcf668336bcdf12ffdc3e97e
MD5 hash: 539e0a32348f112da72bb7868fd5cfac
SHA1 hash: bcdfd82522a0a45af4e4064c7f509b29b8ea83ed
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Squirrelwaffle
DLL (dll) 4545b601c6d8a636dce6597da6443dce45d11b48fcf668336bcdf12ffdc3e97e (this sample)

Delivery method: Distributed via web download

Comments