MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85d0b72fe822fd6c22827b4da1917d2c1f2d9faa838e003e78e533384ea80939. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Squirrelwaffle


Vendor detections: 8



SHA256 hash: 85d0b72fe822fd6c22827b4da1917d2c1f2d9faa838e003e78e533384ea80939
SHA3-384 hash: 91454f143c1b843d8e289007925c5b5f58067e5b2ce030c5aec31ebb4771279e321c7e31c5a0daa8328225e0f420c73d
SHA1 hash: bee82e104c1082442c7ff029b2781a04a3e80cd5
MD5 hash: 5ec89ea30af2cc38ae183d12ffacbcf7
humanhash: music-winter-don-equal
File name: www1.dll
Signature: Squirrelwaffle
File size: 323'732 bytes
First seen: 2021-09-16 14:36:48 UTC
Last seen: 2021-09-16 15:48:14 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: bdbadc9dee7707cf048521add650ef70 (1 x Squirrelwaffle)
ssdeep: 6144:ej1OFd1uuTko8P6+YVhZQnD/HhAGNR2orlBWRLG/lLSQ56b/slroS:cOPAuTf8C+YxmDBz2orsG/lLmO3
Threatray: 1'763 similar samples on MalwareBazaar
TLSH: T1F1648D11FA92C034E47A16F889A6C6F8753C78615B6481CBB6E43FFF4A761E19C3124B
Reporter: pr0xylife
Tags: dll SQUIRRELWAFFLE
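As an added check, not MalwareBazaar's own tooling: the script below recomputes the four digests listed above for a file on disk and compares them with this entry, so a downloaded copy can be confirmed to be this sample before it is handled further. The digests are copied from the entry; the file path, the chunked reading and the function names are assumptions of the example.

```python
"""Verify that a file on disk is the sample this MalwareBazaar entry describes.

Added example; not MalwareBazaar code. The expected digests are copied from
the entry for www1.dll; the file path is an assumption (pass your own).
"""
import hashlib
import sys

# Digests copied from the MalwareBazaar entry above.
EXPECTED = {
    "md5": "5ec89ea30af2cc38ae183d12ffacbcf7",
    "sha1": "bee82e104c1082442c7ff029b2781a04a3e80cd5",
    "sha256": "85d0b72fe822fd6c22827b4da1917d2c1f2d9faa838e003e78e533384ea80939",
    "sha3_384": "91454f143c1b843d8e289007925c5b5f58067e5b2ce030c5aec31ebb4771279e"
                "321c7e31c5a0daa8328225e0f420c73d",
}


def compute_hashes(data: bytes) -> dict:
    """Return the four digests MalwareBazaar publishes, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED}


def verify(data: bytes, expected: dict = EXPECTED) -> dict:
    """Compare each digest of `data` with `expected`; True means it matches."""
    actual = compute_hashes(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def verify_file(path: str, expected: dict = EXPECTED) -> dict:
    """Same as verify(), streaming the file so large samples need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in expected}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: hashers[name].hexdigest() == expected[name].lower() for name in expected}


if __name__ == "__main__":
    # Assumed path; MalwareBazaar serves samples inside a password-protected
    # archive, so extract the DLL first and point the script at it.
    path = sys.argv[1] if len(sys.argv) > 1 else "www1.dll"
    results = verify_file(path)
    for name, ok in results.items():
        print(f"{name:9s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(results.values()) else 1)
```

All four digests should match; a single mismatch means the file is not the one this entry describes (a different build, a re-packed copy, or a corrupted download). The imphash, ssdeep and TLSH values on the page need a PE parser (for example pefile) and the ssdeep and TLSH libraries respectively, so they are left out of this stdlib-only check.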

Intelligence


File Origin
# of uploads: 2
# of downloads: 193
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour: Creating a window
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware overlay

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature:
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour:
Behavior Graph:
Behavior Graph ID 484594, sample www1.dll, start date 16/09/2021, architecture WINDOWS, score 60 (graph image not reproduced; the recoverable content follows).
Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample; System process connects to network (likely due to code injection or exploit), raised on rundll32.exe.
Process tree: loaddll32.exe started rundll32.exe (two instances), cmd.exe and 7 other processes; cmd.exe started a further rundll32.exe.
Network: the first rundll32.exe resolved amjsys.com and contacted 192.168.2.1 (private address, ASN and country unknown); the rundll32.exe started by cmd.exe contacted amjsys.com at 202.52.147.113 (ports 49771, 49773, 49775; GMEDIA-AS-ID Global Media Teknologi PT, Indonesia).

Threat name: Win32.Worm.Cridex
Status: Malicious
First seen: 2021-09-16 14:37:09 UTC
AV detection: 5 of 45 (11.11%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Unpacked files
SHA256 hash: c88f8d086be8dd345babad15c76490ef889af7eaecb015f3107ff039f0ed5f2d
MD5 hash: 5f5aed43a3ee55f2727f1c1470a6db32
SHA1 hash: 7574a3cb7c27bd548e93309b0401e7ce48d22d76
SHA256 hash: 85d0b72fe822fd6c22827b4da1917d2c1f2d9faa838e003e78e533384ea80939 (the submitted file itself)
MD5 hash: 5ec89ea30af2cc38ae183d12ffacbcf7
SHA1 hash: bee82e104c1082442c7ff029b2781a04a3e80cd5
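The sandbox output above yields two kinds of indicator: the atomic network IOCs (amjsys.com and 202.52.147.113) and the behaviour of a rundll32.exe launched via cmd.exe making an outbound connection, which the vendors report as "System process connects to network" and "Blocklisted process makes network request". The example below, added here and not part of this entry or of any vendor's product, matches both against a constructed, Sysmon-like JSON-lines event log. The event field names, the function names and the log lines are assumptions made up for the demo; only the domain, the IP and the process names come from the behaviour graph. The 49771/49773/49775 values are in the ephemeral range and are treated as the sandbox's source ports, so ports are deliberately not matched.

```python
"""Match outbound-connection events against the indicators from this entry.

Added example, not MalwareBazaar or vendor code. Event records use a
constructed Sysmon-like JSON-lines format; the field names and the sample
log are assumptions. Only the domain, IP and process names come from the
sandbox behaviour graph above.
"""
import ipaddress
import json

# Network indicators from the behaviour graph.
IOC_DOMAINS = {"amjsys.com"}
IOC_IPS = {"202.52.147.113"}
# 49771/49773/49775 in the graph sit in the ephemeral range and read as the
# sandbox's source ports, so ports are deliberately not part of the match.

# Process relationship from the graph: the rundll32.exe spawned via cmd.exe
# is the one that contacts amjsys.com. loaddll32.exe is the sandbox's DLL
# loader and is not expected on a production host, so it is not matched.
NETWORK_PROCESS = "rundll32.exe"
PARENTS_SEEN = {"cmd.exe"}


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path ('C:\\x\\y.exe' -> 'y.exe')."""
    return path.lower().replace("/", "\\").rsplit("\\", 1)[-1]


def _is_public(ip: str) -> bool:
    """True for a routable address; False for private/reserved or unparsable."""
    try:
        return not ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def classify(event: dict) -> list:
    """Return the reasons an event is flagged; an empty list means no hit."""
    reasons = []
    host = (event.get("dest_host") or "").lower().rstrip(".")
    ip = event.get("dest_ip") or ""
    # 1. Atomic IOCs: the exact domain (or a subdomain of it) and the C2 IP.
    if host in IOC_DOMAINS or any(host.endswith("." + d) for d in IOC_DOMAINS):
        reasons.append(f"ioc_domain:{host}")
    if ip in IOC_IPS:
        reasons.append(f"ioc_ip:{ip}")
    # 2. Behavioural rule: cmd.exe -> rundll32.exe talking to a public address,
    #    the pattern behind "System process connects to network".
    image = _basename(event.get("image", ""))
    parent = _basename(event.get("parent_image", ""))
    if image == NETWORK_PROCESS and parent in PARENTS_SEEN and _is_public(ip):
        reasons.append(f"behaviour:{parent}->{image} outbound to public address")
    return reasons


def scan(lines):
    """Yield (line_number, reasons) for each flagged JSON event line."""
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than abort the scan
        reasons = classify(event)
        if reasons:
            yield n, reasons


# Constructed sample events (not real telemetry); 1.2.3.4 is a placeholder.
SAMPLE_LOG = r"""
{"image": "C:\\Windows\\System32\\rundll32.exe", "parent_image": "C:\\Windows\\System32\\cmd.exe", "dest_host": "amjsys.com", "dest_ip": "202.52.147.113"}
{"image": "C:\\Windows\\System32\\rundll32.exe", "parent_image": "C:\\Windows\\System32\\cmd.exe", "dest_host": "", "dest_ip": "192.168.2.1"}
{"image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "parent_image": "C:\\Windows\\explorer.exe", "dest_host": "example.com", "dest_ip": "1.2.3.4"}
{"image": "C:\\Windows\\System32\\rundll32.exe", "parent_image": "C:\\Windows\\System32\\cmd.exe", "dest_host": "", "dest_ip": "1.2.3.4"}
""".strip().splitlines()


def scan_sample() -> dict:
    """Run the rules over the constructed log; returns {line_number: reasons}."""
    return dict(scan(SAMPLE_LOG))


if __name__ == "__main__":
    for n, reasons in scan_sample().items():
        print(f"line {n}: {', '.join(reasons)}")
```

Line 1 hits on all three rules, line 4 only on the behavioural rule, and line 2 (the 192.168.2.1 contact from the graph) is dropped by the private-address filter. The atomic IOCs age quickly once the domain is sinkholed or the hosting changes; the behavioural rule is what survives, and in production it needs tuning for whatever legitimately launches rundll32.exe from cmd.exe in your environment.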
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments