MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6402b33d729c8bb44881747a8f397f4aec408bf5e18b9af6fd86cdfa3f96323b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Squirrelwaffle


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6402b33d729c8bb44881747a8f397f4aec408bf5e18b9af6fd86cdfa3f96323b
SHA3-384 hash: c609e00f3c2c5e28d2e7da63381b907c2d06c0fd55669231052495377ea769f3cad36c60d8043fc9b8eb072b578e4c31
SHA1 hash: 8e1502c2aa56e6a8c7c1d2c75f3946332a5bb8c0
MD5 hash: 8e37795097400f6a609525749d154cd0
humanhash: echo-fillet-steak-vermont
File name:test1.test
Download: download sample
Signature Squirrelwaffle
Create hunting rule
File size:241'312 bytes
First seen:2021-09-27 13:12:05 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 3d1983e49cfb4879bcb1c597531474e3 (2 x Squirrelwaffle)
ssdeep 3072:CmmeuJ6jkhHVFpvq69D6UkqGFpMdsiOXdaygQ6YToG+rt:BmRJAkbFJqVvBpMZOcQ3Gt
Threatray 1'987 similar samples on MalwareBazaar
TLSH T19034BF1A7AD7D071C82845B98892C5E2F679B8555F68C3833AF93F3F59B30C20D6624A
Reporter ffforward
Tags:dll SQUIRRELWAFFLE test tr

Intelligence

File Origin
# of uploads :
1
# of downloads :
153
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Squirrelwaffle
Create hunting rule
Link:
https://www.capesandbox.com/analysis/192098/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/a09fe726-3242-409d-be79-aa127ef511e7
Result
Threat name:
Squirrelwaffle
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/858992
Signature
Machine Learning detection for sample
Yara detected Squirrelwaffle
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 491420 Sample: test1.test Startdate: 27/09/2021 Architecture: WINDOWS Score: 52 19 Yara detected Squirrelwaffle 2->19 21 Machine Learning detection for sample 2->21 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        15 6 other processes 7->15 process5 17 rundll32.exe 9->17         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6402b33d729c8bb44881747a8f397f4aec408bf5e18b9af6fd86cdfa3f96323b/
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
00d045c89934c776a70318a36655dcdd77e1fedae0d33c98e301723f323f234c
Squirrelwaffle
07c7cb49350bf3c6de4193fb2eeb8dd92d6662d60393ebd483a54bac80fb0b44
Squirrelwaffle
0cf7c00b406b33ae2af9068885a9d3c1ba3993f3878aa06e052c3b0249a42d81
Squirrelwaffle
354f9844193171392a16a1a2262712d17638925f16aed9e9827f11e368e0fa05
Squirrelwaffle
85d0b72fe822fd6c22827b4da1917d2c1f2d9faa838e003e78e533384ea80939
Squirrelwaffle
86b670d81a26ea394f7c0edebdc93e8f9bd6ce6e0a8d650e32a0fe36c93f0dee
Squirrelwaffle
893c7494c17b3d779e43c3b6e10f31171d23cdf0ad7f6bf4df40420496ddeba3
Squirrelwaffle
b8402a77572821ec8207a9ee56b0f0a143b1d156c3b6c4e0ae8449e11d2bc076
Squirrelwaffle
+ 1'977 additional samples on MalwareBazaar
Result
Malware family:
squirrelwaffle
Create hunting rule
Score:
  10/10
Tags:
family:squirrelwaffle downloader suricata
Link:
https://tria.ge/reports/210927-qfkk7shafj/
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
squirrelwaffle
SquirrelWaffle is a simple downloader written in C++.
suricata: ET MALWARE Possible SQUIRRELWAFFLE Server Response
suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata: ET MALWARE SQUIRRELWAFFLE Server Response
Malware Config
C2 Extraction:
acdlimited.com/2u6aW9Pfe
jornaldasoficinas.com/ZF8GKIGVDupL
orldofjain.com/lMsTA7tSYpe
altayaralsudani.net/SSUsPgb7PHgC
hoteloaktree.com/QthLWsZsVgb
aterwellnessinc.com/U7D0sswwp
sirifinco.com/Urbhq9wO50j
ordpress17.com/5WG6Z62sKWo
mohsinkhanfoundation.com/pcQLeLMbur
lendbiz.vn/xj3BhHtMbf
geosever.rs/ObHP1CHt
nuevainfotech.com/xCNyTjzkoe
dadabhoy.pk/m6rQE94U
111
sjgrand.lk/zvMYuQqEZj
erogholding.com/GFM1QcCFk
armordetailing.rs/lgfrZb4Re6WO
lefrenchwineclub.com/eRUGdDox
Unpacked files
SH256 hash:
e2193ae7481b5269409c9617e2237d02dbab59680652ac99b97593bd4cc6731a
MD5 hash:
9619e6085232d413f71fa032416af145
SHA1 hash:
a3b8ed8fda95223cf5d3403b87ef025918720623
Link:
https://www.unpac.me/results/ee01b91e-6688-4ea3-821c-cef7ee8577b8/
SH256 hash:
6402b33d729c8bb44881747a8f397f4aec408bf5e18b9af6fd86cdfa3f96323b
MD5 hash:
8e37795097400f6a609525749d154cd0
SHA1 hash:
8e1502c2aa56e6a8c7c1d2c75f3946332a5bb8c0
Link:
https://www.unpac.me/results/ee01b91e-6688-4ea3-821c-cef7ee8577b8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6402b33d729c8bb44881747a8f397f4aec408bf5e18b9af6fd86cdfa3f96323b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Squirrelwaffle

DLL dll 6402b33d729c8bb44881747a8f397f4aec408bf5e18b9af6fd86cdfa3f96323b

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/192098/

Comments