General

  • Target

    7574.dll

  • Size

    68KB

  • Sample

    210922-nsjtbscda8

  • MD5

    5f5aed43a3ee55f2727f1c1470a6db32

  • SHA1

    7574a3cb7c27bd548e93309b0401e7ce48d22d76

  • SHA256

    c88f8d086be8dd345babad15c76490ef889af7eaecb015f3107ff039f0ed5f2d

  • SHA512

    a3912fb654538c73c57c9a60b8a67e60b2446f1c5824d068613722a576bdcd26ef8ea121ffb4831b140049cecafd49e6879426dab7312c9e7a7283e9ebd4ae7f

Score
10/10

Malware Config

Extracted

Family

squirrelwaffle

C2

spiritofprespa.com/9783Tci2SGF6

amjsys.com/RIZszf8vR

hrms.prodigygroupindia.com/SKyufGZV

centralfloridaasphalt.com/GCN0FChS

jhehosting.com/rUuKheB7

shoeclearanceoutlet.co.uk/46awDTJjI4l

kmslogistik.com/aS1mjTkJIy

bartek-lenart.pl/1bWJ57V9vx

voip.voipcallhub.com/ZVmfdGHs4T

mercyfoundationcio.org/XF9aQrXnakeG

key4net.com/a8A2kcc1J

chaturanga.groopy.com/mxN3lxZoVApc

voipcallhub.com/ilGht5r26

ems.prodigygroupindia.com/v5RvVJTz

novamarketing.com.pk/k8l36uus

lenartsa.webd.pro/fz16DjmKmHtl

lead.jhinfotech.co/YERjiAMaupaz

Attributes
blocklist
94.46.179.80
206.189.205.251
88.242.66.45
85.75.110.214
87.104.3.136
207.244.91.171
49.230.88.160
91.149.252.75
91.149.252.88
92.211.109.152
178.0.250.168
88.69.16.230
95.223.77.160
99.234.62.23
2.206.105.223
84.222.8.201
89.183.239.142
5.146.132.101
77.7.60.154
45.41.106.122
45.74.72.13
74.58.152.123
88.87.68.197
211.107.25.121
109.70.100.25
185.67.82.114
207.102.138.19
204.101.161.14
193.128.108.251
111.7.100.17
111.7.100.16
74.125.210.62
74.125.210.36
104.244.74.57
185.220.101.145
185.220.101.144
185.220.101.18
185.220.100.246
185.220.101.228
185.220.100.243
185.220.101.229
185.220.101.147
185.220.102.250
185.220.100.241
199.195.251.84
213.164.204.94
74.125.213.7
74.125.213.9
185.220.100.249
37.71.173.58
93.2.220.100
188.10.191.109
81.36.17.247
70.28.47.118
45.133.172.222
108.41.227.196
37.235.53.46
162.216.47.22
154.3.42.51
45.86.200.60
212.230.181.152
185.192.70.11
14.33.131.72
94.46.179.80
206.189.205.251
178.255.172.194
84.221.205.40
155.138.242.103
178.212.98.156
85.65.32.191
31.167.184.201
88.242.66.45
36.65.102.42
203.213.127.79
85.75.110.214
93.78.214.187
204.152.81.185
183.171.72.218
168.194.101.130
87.104.3.136
92.211.196.33
197.92.140.125
207.244.91.171
49.230.88.160
196.74.16.153
91.149.252.75
91.149.252.88
92.206.15.202
82.21.114.63
92.211.109.152
178.0.250.168
178.203.145.135
85.210.36.4
199.83.207.72
86.132.134.203
88.69.16.230
99.247.129.88
37.201.195.12
87.140.192.0
88.152.185.188
87.156.177.91
99.229.57.160
95.223.77.160
88.130.54.214
99.234.62.23
2.206.105.223
94.134.179.130
84.221.255.199
84.222.8.201
89.183.239.142
87.158.21.26
93.206.148.216
5.146.132.101
77.7.60.154
95.223.75.85
162.254.173.187
50.99.254.163
45.41.106.122
99.237.13.3
45.74.72.13
108.171.64.202
74.58.152.123
216.209.253.121
88.87.68.197
211.107.25.121
109.70.100.25
185.67.82.114
207.102.138.19
204.101.161.14
193.128.108.251
111.7.100.17
111.7.100.16
74.125.210.62
74.125.210.36
104.244.74.57
185.220.101.145
185.220.101.144
185.220.101.18
185.220.100.246
185.220.101.228
185.220.100.243
185.220.101.229
185.220.101.147
185.220.102.250

Targets

    • Target

      7574.dll

    • Size

      68KB

    • MD5

      5f5aed43a3ee55f2727f1c1470a6db32

    • SHA1

      7574a3cb7c27bd548e93309b0401e7ce48d22d76

    • SHA256

      c88f8d086be8dd345babad15c76490ef889af7eaecb015f3107ff039f0ed5f2d

    • SHA512

      a3912fb654538c73c57c9a60b8a67e60b2446f1c5824d068613722a576bdcd26ef8ea121ffb4831b140049cecafd49e6879426dab7312c9e7a7283e9ebd4ae7f

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation