MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5582447866948a38cb3d1013759854142cbbdc812de3d821c5d4c151e4ebbe6f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Squirrelwaffle

Vendor detections: 5

SHA256 hash: 5582447866948a38cb3d1013759854142cbbdc812de3d821c5d4c151e4ebbe6f
SHA3-384 hash: 602d19a49742820c95fa1d7912e12873d4e4111a3e5b42aaaebd95ba075bee8cd2e3c8dc71dac9a599a246471a55fe53
SHA1 hash: 4a1e34488f21c336599dc7b576bdfda066f98522
MD5 hash: 6373e3b1950d7529d63262ebc9c76ea9
humanhash: papa-hamper-yellow-hotel
File name: 5582447866948a38cb3d1013759854142cbbdc812de3d821c5d4c151e4ebbe6f
Signature: Squirrelwaffle
File size: 266'752 bytes
First seen: 2021-09-21 15:57:15 UTC
Last seen: 2021-09-21 17:02:50 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 6ab39574820a2a48b54bd7f4c3fe61dc (1 x Squirrelwaffle)
ssdeep: 1536:tK4+iZammcvDYpYV8ZQ0BPeLcYFS5ZocmBh1ljiZKlBXTTEHs2nlWUU5B+opdTmk:immADHV8Zh1ekCl1lhBUBp1QKHKH9
Threatray: 13 similar samples on MalwareBazaar
TLSH: T1464419B8BF92CD54E0594AF482B28F60CE6657483D25CCDB92F9E9EC5A797C0780B143
dhash icon: cad25aa896aa94c4 (1 x Squirrelwaffle)
Reporter: malwarelabnet
Tags: dll SQUIRRELWAFFLE

Intelligence

File Origin
# of uploads: 2
# of downloads: 315
Origin country: n/a
Vendor Threat Intelligence

Result
Threat name: Squirrelwaffle
Detection: malicious
Classification: troj.evad
Score: 68 / 100
Signature:
PE file has nameless sections
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected Squirrelwaffle

Threat name: Win32.Trojan.GenericML
Status: Malicious
First seen: 2021-09-21 15:58:13 UTC
AV detection: 17 of 45 (37.78%)
Threat level: 5/5
Result
Malware family: squirrelwaffle
Score: 10/10
Tags: family:squirrelwaffle downloader
Behaviour:
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
squirrelwaffle: SquirrelWaffle is a simple downloader written in C++.
Malware Config
C2 Extraction:
deanandwilconstruction.com/UXEvfuIlhws
arimeto.lv/Nm70oAfwB
gitamschool.com/oZbs0Oqw7uv
eresourcesmoneymarket.com/JbVwdgaV6l
flyershipmanager.com/SGAsORYsywt
Unpacked files
SHA256 hash: b0441bc63773e1719aac9acbd99f6e72bdd31017038e5e26af2646bef8c974f3
MD5 hash: e58e26b525a717c0f140fd3c56b768ad
SHA1 hash: b8222a45ce2f24d098f0de9745a8852c66879888
SHA256 hash: 5582447866948a38cb3d1013759854142cbbdc812de3d821c5d4c151e4ebbe6f
MD5 hash: 6373e3b1950d7529d63262ebc9c76ea9
SHA1 hash: 4a1e34488f21c336599dc7b576bdfda066f98522
Please note that we are no longer able to provide a coverage score for VirusTotal.
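Two things an analyst does with a record like this before acting on it: confirm that the file actually in hand is the sample the entry describes (recompute the listed digests and compare, rather than trusting a filename), and turn the extracted C2 URLs into something safe to paste into a ticket and into a host blocklist. The Python below is an added example written for this page; it is not code from MalwareBazaar or from the Squirrelwaffle sample. The digest values in RECORD and the URLs in C2_URLS are copied from the entry above; the function names, the streaming one-pass hashing, the defanging convention (hxxp, [.]) and the b"abc" check input are this example's own choices. imphash, ssdeep, TLSH and dhash need third-party libraries and are not recomputed here.

```python
import hashlib
from typing import Dict, Iterable, List

# Digests exactly as listed on this MalwareBazaar entry (copied from the page).
RECORD: Dict[str, str] = {
    "md5": "6373e3b1950d7529d63262ebc9c76ea9",
    "sha1": "4a1e34488f21c336599dc7b576bdfda066f98522",
    "sha256": "5582447866948a38cb3d1013759854142cbbdc812de3d821c5d4c151e4ebbe6f",
    "sha3_384": "602d19a49742820c95fa1d7912e12873d4e4111a3e5b42aaaebd95ba075bee8cd2e3c8dc71dac9a599a246471a55fe53",
}

# C2 URLs from the "Malware Config" section of this entry (listed without a scheme).
C2_URLS: List[str] = [
    "deanandwilconstruction.com/UXEvfuIlhws",
    "arimeto.lv/Nm70oAfwB",
    "gitamschool.com/oZbs0Oqw7uv",
    "eresourcesmoneymarket.com/JbVwdgaV6l",
    "flyershipmanager.com/SGAsORYsywt",
]

# The four algorithms MalwareBazaar lists; all are in the Python standard library.
ALGORITHMS = ("md5", "sha1", "sha256", "sha3_384")


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute all four digests of an in-memory blob, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hashes in a single pass, so memory stays
    bounded even for samples far larger than this 266'752-byte DLL."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def mismatches(computed: Dict[str, str], record: Dict[str, str]) -> List[str]:
    """Algorithms whose computed digest differs from the record. An empty list
    means the file is byte-for-byte the sample this entry describes."""
    return [alg for alg, expected in record.items()
            if computed.get(alg, "").lower() != expected.lower()]


def defang(url: str) -> str:
    """Defang a URL for safe sharing: 'http' -> 'hxxp' in the scheme and
    '.' -> '[.]' in the host only (the path is left untouched)."""
    scheme, sep, rest = url.partition("://")
    if not sep:                      # no scheme on the page's C2 list
        scheme, rest = "", url
    scheme = scheme.replace("http", "hxxp")
    host, slash, path = rest.partition("/")
    host = host.replace(".", "[.]")
    return (scheme + "://" if scheme else "") + host + slash + path


def c2_hosts(urls: Iterable[str]) -> List[str]:
    """Sorted, de-duplicated hostnames for a DNS sinkhole or proxy blocklist."""
    stripped = {u.partition("://")[2] if "://" in u else u for u in urls}
    return sorted({s.partition("/")[0].lower() for s in stripped})


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:            # argv[1]: path to the unpacked sample file
        bad = mismatches(digest_file(sys.argv[1]), RECORD)
        print("hashes match this entry" if not bad else "MISMATCH on: " + ", ".join(bad))
    for url in C2_URLS:
        print(defang(url))
    print("blocklist:", ", ".join(c2_hosts(C2_URLS)))
```

A mismatch on every algorithm usually means you are holding the wrong file (or the still-zipped download); a mismatch on only MD5 or SHA1 while SHA256 and SHA3-384 agree is not something a real file can produce, so treat it as a copy-paste error in the record you are comparing against.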

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments