General

  • Target

    1515633aa74826ddde0648e7829ea880.dll

  • Size

    256KB

  • Sample

    210927-q9te7shbdp

  • MD5

    1515633aa74826ddde0648e7829ea880

  • SHA1

    9d91401903a35835349521bbf578039aef934eea

  • SHA256

    278f92d704ed714c94aa4ccf397552d57e04455565cf18139ac46e6f3b30177d

  • SHA512

    01850b38667645c3e51635aafe4ef43895e485d6885b74ae4f7ac5f910cdcd231407279b4667162bcc4f203090f54074dba4c11c9b96672a6f7c4b2f7962b110

Malware Config

Extracted

Family

squirrelwaffle

C2

acdlimited.com/2u6aW9Pfe

jornaldasoficinas.com/ZF8GKIGVDupL

orldofjain.com/lMsTA7tSYpe

altayaralsudani.net/SSUsPgb7PHgC

hoteloaktree.com/QthLWsZsVgb

aterwellnessinc.com/U7D0sswwp

sirifinco.com/Urbhq9wO50j

ordpress17.com/5WG6Z62sKWo

mohsinkhanfoundation.com/pcQLeLMbur

lendbiz.vn/xj3BhHtMbf

geosever.rs/ObHP1CHt

nuevainfotech.com/xCNyTjzkoe

dadabhoy.pk/m6rQE94U

111

sjgrand.lk/zvMYuQqEZj

erogholding.com/GFM1QcCFk

armordetailing.rs/lgfrZb4Re6WO

lefrenchwineclub.com/eRUGdDox
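The extracted C2 list above is the actionable part of this report. The following Python is an added example, not code from the sandbox or from the SquirrelWaffle sample: it normalises the C2 entries into host and path indicators, rejects the entry `111` (which is not a URL), and runs the indicators over a few constructed proxy log lines. Several hostnames in the extracted config look truncated by one leading character (e.g. `orldofjain.com`, `aterwellnessinc.com`, `ordpress17.com`); rather than guessing the full names, the matcher also matches on the random path token, which is unique per C2 entry and survives the truncation. The log format, the truncation interpretation and all log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Copy of the C2 list as it appears in the extracted config on this page,
# including the stray "111" entry and the apparently truncated hostnames.
C2_RAW = """\
acdlimited.com/2u6aW9Pfe
jornaldasoficinas.com/ZF8GKIGVDupL
orldofjain.com/lMsTA7tSYpe
altayaralsudani.net/SSUsPgb7PHgC
hoteloaktree.com/QthLWsZsVgb
aterwellnessinc.com/U7D0sswwp
sirifinco.com/Urbhq9wO50j
ordpress17.com/5WG6Z62sKWo
mohsinkhanfoundation.com/pcQLeLMbur
lendbiz.vn/xj3BhHtMbf
geosever.rs/ObHP1CHt
nuevainfotech.com/xCNyTjzkoe
dadabhoy.pk/m6rQE94U
111
sjgrand.lk/zvMYuQqEZj
erogholding.com/GFM1QcCFk
armordetailing.rs/lgfrZb4Re6WO
lefrenchwineclub.com/eRUGdDox
"""

# Constructed proxy log lines (assumed format: "ts client method url status").
# Line 2 uses a hostname that the truncated entry "orldofjain.com" would miss
# on an exact host match; line 4 shares a host suffix but is not a C2 hit.
PROXY_LOG = """\
1632736501.123 10.0.0.15 GET http://acdlimited.com/2u6aW9Pfe 200
1632736502.456 10.0.0.15 POST http://worldofjain.com/lMsTA7tSYpe 200
1632736503.789 10.0.0.22 GET https://example.org/index.html 200
1632736504.001 10.0.0.22 GET http://notacdlimited.com/other 200
"""

# A plausible hostname: labels of [a-z0-9.-] followed by a TLD of 2+ letters.
HOST_RE = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}$")


def parse_c2(raw):
    """Split the extracted config into IOC dicts; return (iocs, rejected).

    Each IOC carries the lower-cased host, the URL path ("/" if absent) and
    the raw line. Lines that do not look like "host/path" (such as "111")
    are returned in `rejected` so an analyst can review them instead of
    silently dropping or blocking them.
    """
    iocs, rejected = [], []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, path = line.partition("/")
        host = host.lower()
        if not HOST_RE.match(host):
            rejected.append(line)
            continue
        iocs.append({"host": host, "path": "/" + path if sep else "/", "raw": line})
    return iocs, rejected


def match_log(log_text, iocs):
    """Return one hit per log line whose URL matches a C2 host or path token.

    Hosts are matched exactly (no suffix matching, which would also flag
    unrelated domains that merely end in a C2 host). The path token is
    matched exactly as a second indicator because it is a per-C2 random
    string and is unaffected by the truncated hostnames in the config.
    """
    hosts = {i["host"]: i for i in iocs}
    paths = {i["path"]: i for i in iocs if i["path"] != "/"}
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the sweep
        ts, client, method, url = parts[:4]
        u = urlsplit(url)
        host = (u.hostname or "").lower()
        reason = None
        if host in hosts:
            reason = "host:" + host
        elif u.path in paths:
            reason = "path:" + u.path
        if reason:
            hits.append({"ts": ts, "client": client, "url": url, "matched": reason})
    return hits


if __name__ == "__main__":
    iocs, rejected = parse_c2(C2_RAW)
    print(f"{len(iocs)} C2 indicators, rejected: {rejected}")
    for hit in match_log(PROXY_LOG, iocs):
        print(f"{hit['client']} -> {hit['url']} ({hit['matched']})")
```

The second log line is found only through its path token, which is the case the truncated hostnames create; the fourth line is not flagged even though its host ends in `acdlimited.com`, which is why the example avoids suffix matching on hosts. Treat the path-token match as the higher-confidence indicator when tuning alerts from this list.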

Targets

    • Target

      1515633aa74826ddde0648e7829ea880.dll


    • SquirrelWaffle

      SquirrelWaffle is a simple downloader written in C++.

    • suricata: ET MALWARE Possible SQUIRRELWAFFLE Server Response

    • suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)

    • suricata: ET MALWARE SQUIRRELWAFFLE Server Response

    • squirrelwaffle

      Squirrelwaffle Payload

    • Blocklisted process makes network request
