Analysis
max time kernel: 160s
max time network: 48s
platform: windows7_x64
resource: win7v20210408
submitted: 04-10-2021 13:37
Static task: static1
Behavioral task: behavioral1
  Sample: test2.test.dll
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: test2.test.dll
  Resource: win10-en-20210920
General
Target: test2.test.dll
Size: 468KB
MD5: 5ac65b28e1852283c612ca7e1aaa7d3f
SHA1: da1277f3549453023446290bf5d278c89343ffa5
SHA256: dd372a40f76e4df61316e014ac9e25a36981e07d9064944776ce41d933e19530
SHA512: c16ce4e628b8564b955d8d322a1d13af90831c6638b97547c720fb6706603b1f30542298aa11eb39494d9dea7284eab6233cee6a06b57e3a51e16342abfc11b0
Malware Config
Extracted family: squirrelwaffle
Signatures
SquirrelWaffle
SquirrelWaffle is a simple downloader written in C++.
squirrelwaffle: 1 IoCs
Squirrelwaffle Payload
  resource: behavioral1/memory/1604-63-0x0000000010000000-0x0000000014574000-memory.dmp
  yara_rule: squirrelwaffle
Suspicious use of WriteProcessMemory: 7 IoCs
description                        pid   Process       procid_target
PID 1816 wrote to memory of 1604   1816  rundll32.exe  25
PID 1816 wrote to memory of 1604   1816  rundll32.exe  25
PID 1816 wrote to memory of 1604   1816  rundll32.exe  25
PID 1816 wrote to memory of 1604   1816  rundll32.exe  25
PID 1816 wrote to memory of 1604   1816  rundll32.exe  25
PID 1816 wrote to memory of 1604   1816  rundll32.exe  25
PID 1816 wrote to memory of 1604   1816  rundll32.exe  25