MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8308975ce3092d911742cc0d5b83f17c04a7673fb50d00580429388b7aa0bd27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Squirrelwaffle


Vendor detections: 5



SHA256 hash: 8308975ce3092d911742cc0d5b83f17c04a7673fb50d00580429388b7aa0bd27
SHA3-384 hash: 395913297fd417de4be5eec0ebf7f9e1e67d846e5b38d5a9b22baff102aaa608fd4ddd549b65c1d1d092b87c2ef48d51
SHA1 hash: 7cc03d7e00679fc2ac866860a72d1a78bee37c2a
MD5 hash: 7fcab487b86152ad589d53d936d4c55c
humanhash: black-september-bulldog-thirteen
File name: 090921.dll
Signature: Squirrelwaffle
File size: 376'202 bytes
First seen: 2021-09-14 11:50:30 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3b97afa05f9af4726d1491fa3df117b6 (1 x Squirrelwaffle)
ssdeep: 6144:GOEzu3m19VC4Dtrv4PYXLEdg6hrVjIWdPMgQGBf44hIH7:jEem19V3r4RpLQP4a
TLSH: T10F846CA26D99D13DE2AE707BD8482FF14214B4381EDC56FB760B47A8523CA81B21D53F
dhash icon: 0082e8d2d6e8d200 (1 x Squirrelwaffle)
Reporter: ffforward
Tags: dll exe ldrloader SQUIRRELWAFFLE tr

Intelligence


File Origin
# of uploads: 1
# of downloads: 245
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-vm overlay
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 48 / 100
Signature
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Threat name: Win32.Worm.Cridex
Status: Malicious
First seen: 2021-09-14 11:51:10 UTC
AV detection: 9 of 28 (32.14%)
Threat level: 5/5
Verdict: unknown
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 1d8efc7665bc83f1d7fe443ef4ce6c52eb4829769de0f7fb890b5b12bbcb92bd
MD5 hash: 1cfb3b43089741950a7bb53afc8a6c2f
SHA1 hash: 4b4f2e7006287e9fd8177869c00a8cd2be560058
SHA256 hash: 8308975ce3092d911742cc0d5b83f17c04a7673fb50d00580429388b7aa0bd27
MD5 hash: 7fcab487b86152ad589d53d936d4c55c
SHA1 hash: 7cc03d7e00679fc2ac866860a72d1a78bee37c2a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Squirrelwaffle

Executable exe 8308975ce3092d911742cc0d5b83f17c04a7673fb50d00580429388b7aa0bd27

(this sample)
