bazarloader | 9c4807666747c9befea4427e5b9791193fdb105d53400639e8cc401d92463be2

Resubmissions

01-11-2021 12:31

211101-pp5r3ahha4 10

31-10-2021 09:03

211031-k1bwxacfaq 10

14-10-2021 01:44

211014-b6aflafeg4 10

Sharing

Copy URL

Twitter E-mail

General

Target

SquirrelWaffle_13Oct.zip
Size

8.9MB
Sample

211014-b6aflafeg4
MD5

ec83f517a76991c651605295f3dcb01a
SHA1

6fe41b2304b595a821aeca4d00dfd7466ecf5f50
SHA256

9c4807666747c9befea4427e5b9791193fdb105d53400639e8cc401d92463be2
SHA512

b4847e665d4debf75dfca30ce79229cb27cef44047804253c67c8c7134fb7e617e2a597d3cec4dc28875d142dca3aa90ff46fc84a196bcd37ba2baeb21a02ed8

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.363

Botnet

notset

Campaign

1632819510

196.217.156.63:995

120.150.218.241:995

95.77.223.148:443

185.250.148.74:443

181.118.183.94:443

105.198.236.99:443

140.82.49.12:443

37.210.152.224:995

89.101.97.139:443

81.241.252.59:2078

27.223.92.142:995

81.250.153.227:2222

73.151.236.31:443

47.22.148.6:443

122.11.220.212:2222

120.151.47.189:443

199.27.127.129:443

216.201.162.158:443

136.232.34.70:443

76.25.142.196:443

Extracted

Family

qakbot

Version

402.363

Botnet

Campaign

1633597626

120.150.218.241:995

185.250.148.74:443

89.137.52.44:443

66.103.170.104:2222

86.8.177.143:443

216.201.162.158:443

174.54.193.186:443

103.148.120.144:443

188.50.169.158:443

124.123.42.115:2222

140.82.49.12:443

199.27.127.129:443

81.241.252.59:2078

209.142.97.161:995

209.50.20.255:443

73.230.205.91:443

200.232.214.222:995

103.142.10.177:443

2.222.167.138:443

41.228.22.180:443

Extracted

Family

qakbot

Version

402.363

Botnet

Campaign

1633334141

75.75.179.226:443

185.250.148.74:443

122.11.220.212:2222

120.150.218.241:995

103.148.120.144:443

140.82.49.12:443

40.131.140.155:995

206.47.134.234:2222

73.230.205.91:443

190.198.206.189:2222

103.157.122.198:995

81.250.153.227:2222

167.248.100.227:443

96.57.188.174:2078

217.17.56.163:2222

217.17.56.163:2078

41.228.22.180:443

136.232.34.70:443

68.186.192.69:443

167.248.111.245:443

Extracted

Family

squirrelwaffle

http://agora.360cyberlink.com/wpuDolwbH9c9

http://panel.betfredtakeaway.com/awJPDGElQ

http://believeinus.net/S6y8WsHm

http://onlinecourses.mirrainternationaluniversity.com/VnCSkt13PkuT

http://reward.tyrehamperpromotion.co.uk/GWJ3gHMtUdk

http://panels.betfredtakeaway.com/0PKIQI4OFxD

http://ambassade-mauritanie-rabat.net/hovwkJJaIt8

http://bitcoinup.bafflepoetry.org/uTyCcQUDkCX3

http://pwcgov-x.gq/doMZFSHYs

http://business-a.ml/lDyw7Vs3x

http://unifarma.com.br/6GREencD

http://digitalmaster.online/rgzce1W5g

http://patatec.com/OTfcXmew

http://megasoftsol.com/R26csFnDY

http://authentification.scanandrace.com/m1xwraBcBFN

http://new.actsgeneration.org/1vXSPxRR3bR

http://lagochapala.com.mx/DplUgNSqWfc

http://acdlimited.com/2u6aW9Pfe

http://jornaldasoficinas.com/ZF8GKIGVDupL

http://orldofjain.com/lMsTA7tSYpe

Attributes

blocklist
94.46.179.80

206.189.205.251

88.242.66.45

85.75.110.214

87.104.3.136

207.244.91.171

49.230.88.160

91.149.252.75

91.149.252.88

92.211.109.152

178.0.250.168

88.69.16.230

95.223.77.160

99.234.62.23

2.206.105.223

84.222.8.201

89.183.239.142

5.146.132.101

77.7.60.154

45.41.106.122

45.74.72.13

74.58.152.123

88.87.68.197

109.70.100.25

185.67.82.114

207.102.138.19

204.101.161.14

193.128.108.251

111.7.100.17

111.7.100.16

74.125.210.62

74.125.210.36

104.244.74.57

185.220.101.145

185.220.101.144

185.220.101.18

185.220.100.246

185.220.101.228

185.220.100.243

185.220.101.229

185.220.101.147

185.220.102.250

185.220.100.241

199.195.251.84

213.164.204.94

74.125.213.7

74.125.213.9

185.220.100.249

37.71.173.58

93.2.220.100

188.10.191.109

81.36.17.247

70.28.47.118

45.133.172.222

108.41.227.196

37.235.53.46

162.216.47.22

154.3.42.51

45.86.200.60

212.230.181.152

185.192.70.11

37.142.65.69

87.166.51.31

178.198.76.175

128.90.172.136

172.58.227.224

201.77.112.133

64.124.12.162

87.166.51.28

104.244.72.115

109.70.100.23

192.145.127.220

194.186.142.122

185.207.249.217

52.250.42.144

45.86.201.156

195.245.199.125

213.33.190.70

154.61.71.13

154.13.1.22

191.96.185.151

40.94.25.22

40.94.25.39

40.94.25.5

40.94.25.79

40.94.25.69

40.94.25.71

40.94.25.60

40.94.25.64

40.94.25.29

40.94.25.23

40.94.25.89

40.94.26.165

40.94.26.210

40.94.26.208

40.94.26.166

40.94.26.216

40.94.26.173

40.94.26.182

40.94.35.75

40.94.35.97

40.94.35.27

40.94.35.38

40.94.35.46

40.94.35.76

40.94.35.70

40.94.35.80

40.94.35.98

40.94.35.40

45.86.200.23

198.167.212.98

40.94.31.87

40.94.31.85

40.94.31.29

40.94.31.97

40.94.31.88

40.94.31.80

40.94.31.65

198.167.195.112

40.94.31.58

40.94.31.48

40.94.31.64

40.94.31.26

40.94.31.66

40.94.31.90

40.94.31.46

40.94.31.47

212.119.227.184

72.12.194.93

72.12.194.94

72.12.194.92

134.209.213.55

35.198.84.59

89.208.29.2

40.94.30.159

40.94.30.139

40.94.30.152

40.94.30.167

40.94.30.164

40.94.30.166

40.94.30.174

40.94.30.151

154.61.71.53

40.94.30.157

40.94.30.136

40.94.30.149

52.154.162.74

213.33.190.161

83.84.25.214

162.251.62.154

188.241.177.152

92.211.110.221

185.183.107.236

72.12.194.90

40.94.25.36

40.94.29.4

40.94.25.50

40.94.29.31

40.94.25.31

40.94.29.41

40.94.31.5

40.94.25.80

40.94.29.82

40.94.31.81

40.94.25.96

40.94.29.59

40.94.31.3

40.94.25.58

40.94.31.61

40.94.31.49

40.94.31.54

40.94.31.62

40.94.31.70

40.94.30.211

40.94.30.148

40.94.30.218

40.94.30.147

40.94.30.129

40.94.31.15

40.94.30.169

40.94.31.36

40.94.30.223

40.94.30.203

95.211.36.179

64.233.172.102

153.246.206.71

198.167.193.35

90.187.12.209

37.49.116.179

52.167.22.240

160.177.96.15

185.123.143.220

167.99.172.253

40.94.36.81

86.107.21.203

24.37.31.38

71.19.154.84

192.160.102.170

216.251.130.74

49.44.76.43

109.147.65.157

86.217.130.91

178.174.15.54

86.242.244.97

92.46.70.105

81.201.234.26

78.94.217.60

141.226.236.91

95.26.228.102

89.208.29.3

213.33.190.205

213.33.190.121

5.154.174.45

23.154.177.3

195.65.152.138

93.231.174.227

185.220.101.132

54.36.101.21

72.12.194.91

46.14.116.174

141.19.232.57

185.220.101.149

45.74.46.69

157.230.210.133

82.199.130.36

104.237.193.28

187.46.138.56

195.164.49.162

156.146.49.135

195.164.49.191

79.104.209.54

35.245.134.90

20.52.139.186

189.139.144.151

94.31.102.187

39.43.45.71

107.189.10.143

39.43.123.57

106.75.76.179

194.186.142.131

210.22.129.194

45.130.83.77

154.6.16.175

162.247.73.192

107.189.1.160

185.107.47.215

46.166.139.111

185.56.80.65

185.220.100.245

209.141.59.180

77.247.181.163

185.220.101.137

185.220.100.242

104.244.76.13

185.83.214.69

185.220.100.252

185.112.146.73

185.57.82.28

89.187.171.116

66.220.242.222

39.43.72.17

5.171.90.80

185.152.32.77

23.129.64.157

92.151.9.187

106.75.31.237

122.167.79.251

109.70.100.33

199.249.230.154

64.233.172.108

64.233.172.106

64.233.172.104

77.247.181.165

107.189.12.240

79.142.76.203

193.128.114.34

185.92.26.59

185.65.210.119

70.39.159.79

70.39.159.29

151.48.26.15

151.48.26.15

2.228.159.178

188.174.248.154

188.174.248.154

95.90.198.182

95.90.198.182

193.0.200.36

193.0.200.36

151.127.13.232

89.97.249.158

212.115.152.225

185.217.117.179

199.249.230.164

80.233.134.134

109.74.154.92

65.39.88.250

90.84.192.187

37.70.202.24

85.203.45.30

109.190.93.219

151.8.114.194

176.235.38.106

149.56.99.85

138.128.136.169

213.82.23.224

192.42.123.107

128.90.151.188

162.245.206.249

85.203.45.40

95.211.95.242

185.220.102.251

66.203.112.160

193.128.108.246

193.128.108.242

31.204.150.74

34.141.245.25

122.167.85.191

212.6.86.133

171.25.193.25

149.3.170.147

162.247.74.217

109.70.100.34

89.208.29.5

79.104.209.91

79.104.209.157

194.186.142.205

198.167.217.20

198.167.193.112

204.101.161.31

198.167.219.82

195.74.76.222

87.118.110.27

185.247.225.43

193.128.108.250

188.212.135.7

106.75.75.245

86.142.177.106

185.192.69.77

198.167.209.37

59.144.163.235

193.128.108.243

31.204.152.150

87.166.49.39

82.127.202.176

58.40.175.6

92.222.212.17

88.123.105.51

45.114.130.4

216.251.130.75

187.22.129.46

187.22.129.46

45.153.160.129

80.155.50.158

80.155.50.158

212.234.209.161

213.9.159.210

88.149.207.35

88.149.207.35

88.149.207.35

37.159.148.162

151.8.6.86

91.62.233.251

109.3.219.42

109.3.219.42

109.3.219.42

196.23.168.132

192.87.28.103

207.244.70.35

79.104.209.172

89.208.29.6

195.239.51.18

79.104.209.52

194.154.78.73

185.220.102.240

109.70.100.27

208.68.5.17

185.191.124.143

45.153.160.130

163.172.213.212

193.128.108.245

51.83.131.42

109.62.69.3

109.62.69.3

147.135.68.11

209.58.188.133

193.128.108.253

94.242.243.171

185.183.106.148

185.220.102.248

109.70.100.20

37.58.58.249

69.167.10.41

109.62.69.2

45.141.56.7

104.244.74.55

193.128.108.247

185.31.175.243

45.61.185.125

185.57.82.27

122.182.203.3

82.221.105.78

37.187.196.70

45.153.160.138

89.163.252.12

193.128.108.252

198.167.199.100

198.167.199.106

70.39.116.252

193.128.108.248

188.43.68.132

79.104.209.46

213.33.190.122

95.25.38.53

80.255.7.72

212.119.227.132

212.119.227.169

194.186.142.52

38.132.118.67

37.120.143.139

193.128.108.249

66.249.88.48

66.249.88.50

66.249.88.46

104.244.74.28

198.96.155.3

205.185.124.200

109.70.100.36

193.189.100.202

185.31.175.215

84.147.60.16

45.242.1.134

5.22.190.138

84.147.62.235

89.208.29.7

194.154.78.130

106.75.66.75

185.217.1.11

103.254.153.204

198.167.201.23

185.31.175.231

23.184.48.9

18.27.197.252

107.189.11.153

128.199.56.132

104.248.166.43

192.145.127.221

185.100.87.202

94.46.179.80

206.189.205.251

178.255.172.194

84.221.205.40

155.138.242.103

178.212.98.156

85.65.32.191

31.167.184.201

88.242.66.45

36.65.102.42

203.213.127.79

85.75.110.214

93.78.214.187

204.152.81.185

183.171.72.218

168.194.101.130

87.104.3.136

92.211.196.33

197.92.140.125

207.244.91.171

49.230.88.160

196.74.16.153

91.149.252.75

91.149.252.88

92.206.15.202

82.21.114.63

92.211.109.152

178.0.250.168

178.203.145.135

85.210.36.4

199.83.207.72

86.132.134.203

88.69.16.230

99.247.129.88

37.201.195.12

87.140.192.0

88.152.185.188

87.156.177.91

99.229.57.160

95.223.77.160

88.130.54.214

99.234.62.23

2.206.105.223

94.134.179.130

84.221.255.199

84.222.8.201

89.183.239.142

87.158.21.26

93.206.148.216

5.146.132.101

77.7.60.154

95.223.75.85

162.254.173.187

50.99.254.163

45.41.106.122

99.237.13.3

45.74.72.13

108.171.64.202

74.58.152.123

216.209.253.121

88.87.68.197

211.107.25.121

109.70.100.25

185.67.82.114

207.102.138.19

204.101.161.14

193.128.108.251

111.7.100.17

111.7.100.16

74.125.210.62

74.125.210.36

104.244.74.57

185.220.101.145

185.220.101.144

185.220.101.18

185.220.100.246

185.220.101.228

185.220.100.243

185.220.101.229

185.220.101.147

185.220.102.250

185.220.100.241

199.195.251.84

213.164.204.94

74.125.213.7

74.125.213.9

177.38.183.13

185.220.100.249

85.55.1.73

85.55.1.73

37.71.173.58

82.65.34.224

93.2.220.100

188.10.191.109

24.100.23.115

81.36.17.247

90.161.75.4

213.194.157.212

117.211.140.154

Extracted

Family

qakbot

Version

402.343

Botnet

Campaign

1632730751

95.77.223.148:443

47.22.148.6:443

89.101.97.139:443

27.223.92.142:995

120.151.47.189:443

136.232.34.70:443

120.150.218.241:995

185.250.148.74:443

181.118.183.94:443

140.82.49.12:443

67.165.206.193:993

103.148.120.144:443

71.74.12.34:443

76.25.142.196:443

73.151.236.31:443

173.21.10.71:2222

75.188.35.168:443

2.178.88.145:61202

71.80.168.245:443

45.46.53.140:2222

Extracted

Family

qakbot

Version

402.318

Botnet

obama101

Campaign

1632228858

47.22.148.6:443

24.55.112.61:443

140.82.49.12:443

24.139.72.117:443

136.232.34.70:443

24.229.150.54:995

71.74.12.34:443

73.151.236.31:443

120.150.218.241:995

105.198.236.99:443

76.25.142.196:443

45.46.53.140:2222

144.139.47.206:443

96.37.113.36:993

173.21.10.71:2222

67.165.206.193:993

189.210.115.207:443

109.12.111.14:443

68.204.7.158:443

95.77.223.148:443

Targets

- Target
  
  061dfb6a251e536f700a295239652dafab34aee5e5145320d1d57e3fca5e5d52
- Size
  
  605KB
- MD5
  
  b166029cc6b11b16e9d29b22db5398df
- SHA1
  
  899238df1e045ed91034fc589e32ea9d19d0c09b
- SHA256
  
  061dfb6a251e536f700a295239652dafab34aee5e5145320d1d57e3fca5e5d52
- SHA512
  
  aea6569743fc4d3d6180e93018e7a8184e4f657cc6807652840a48d9f269f534dc15072e94e27f28f40e6cedd65a0ecc4408db274b2a48854da38578ab500616
Score

10^/10

qakbot notset 1632819510 banker evasion stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Windows security bypass
  evasion trojan
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  06d55f75d7c76d6924c0b8439fa3cda28b89284204a6db982e4baf3a37fb35d2
- Size
  
  676KB
- MD5
  
  dd119e4cab8169c27e5bb65f306ed792
- SHA1
  
  a93b6b76b8427caa20f2c041fbf50ba27d2b6aac
- SHA256
  
  06d55f75d7c76d6924c0b8439fa3cda28b89284204a6db982e4baf3a37fb35d2
- SHA512
  
  74f86cab700fe211152ce8b74166156c4feebc71c9f5907fafafca531b2f47af7e9d4d52409411e488e6dd4109e4823b915ff7129d7b2f9a416dde765a3a18cb
Score

10^/10

qakbot tr 1633597626 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  24401ac43b6dbb7048cb27425b4f0f76a9b20b6b4fffa33ff8091c3c11ef8365
- Size
  
  488KB
- MD5
  
  8c778eded8caf98e71730b164b805e1b
- SHA1
  
  8f2180d092ac3b623d2372cb01eaccde0f5e402c
- SHA256
  
  24401ac43b6dbb7048cb27425b4f0f76a9b20b6b4fffa33ff8091c3c11ef8365
- SHA512
  
  666aa5d99be4efa4a3a9c9021a116d8484e05120224c463b66246bf99f0d925a37b54c8e6902b7c7d8c7929c6748cc2ca45801525346de5bcef205a6fac33b18
Score

1^/10
behavioral5 behavioral6
- Target
  
  260e2d5769f0a50a7b49d4c43059221eb7acc4b9fc460763e0cfcd793f2a6840
- Size
  
  1.0MB
- MD5
  
  10c150a949585ba3603cce27707331f0
- SHA1
  
  9eeb1747902951835245545b7b3b1e6408c708c2
- SHA256
  
  260e2d5769f0a50a7b49d4c43059221eb7acc4b9fc460763e0cfcd793f2a6840
- SHA512
  
  668ea267488635b88ef6a929501f8f6b34a02ccb2fa01a311caf89f5c683f0dd6877d8714ddf8b6b24e7a447c40f2cf5c42698638a52ff7b27e6c47ce4f4578b
Score

10^/10

qakbot tr 1633334141 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  26cd03696045fb93b415b022fa6bc832098394bf362f4b4c4e897e9550d12618
- Size
  
  518KB
- MD5
  
  c9b2167e784286fcf1835c0d9ba0eade
- SHA1
  
  8035bf4ada5abdffa9a7566c965b3caf897f3fed
- SHA256
  
  26cd03696045fb93b415b022fa6bc832098394bf362f4b4c4e897e9550d12618
- SHA512
  
  aef1eaadf55f3a49182588d348e985775960eec11e2240ca874cc5b502b1825ab61f29edbc72b9e8b6d9e68713325ef8c3a5a21606603e477a6bc09b7b841138
Score

10^/10

squirrelwaffle downloader
- SquirrelWaffle is a simple downloader written in C++.
  SquirrelWaffle.
  downloader squirrelwaffle
- Squirrelwaffle Payload
- Blocklisted process makes network request
behavioral9 behavioral10
- Target
  
  2a0a88a2e5f9cafa10a48d63bdfcdf965b72c25978ab46cf28e795dbedc9624a
- Size
  
  506KB
- MD5
  
  803768a34f7e59b8a9a2f3969624c47e
- SHA1
  
  09a38940ef023929897fdc9c996de0b0f39116e2
- SHA256
  
  2a0a88a2e5f9cafa10a48d63bdfcdf965b72c25978ab46cf28e795dbedc9624a
- SHA512
  
  21e4aa621360a4ec4a0c73fad494e133f2584f92d058a72772e390c7bf1e1ad3e4d0778e95b590c663fe5efed3cfbecb08d5e78e1216c1bfbef729062806722f
Score

10^/10

squirrelwaffle downloader
- SquirrelWaffle is a simple downloader written in C++.
  SquirrelWaffle.
  downloader squirrelwaffle
- Squirrelwaffle Payload
behavioral11 behavioral12
- Target
  
  2f33217d51117cf3d6c6ed3ab50724964367fc7a85e1bb1dc87d241b8d953894
- Size
  
  172KB
- MD5
  
  2c55997f5febc79d8aec77991f178138
- SHA1
  
  9d6d02ba0d021b6cdbf1fb8f594ebab3214325da
- SHA256
  
  2f33217d51117cf3d6c6ed3ab50724964367fc7a85e1bb1dc87d241b8d953894
- SHA512
  
  099ad760edaf05a1b180f451c48762627bfc374c8ed2e1ff8969d18787a366495b3576cf7f3724c932d52fa34897e4ee57b7824df9c11d6f6784ec310ee40820
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
behavioral13 behavioral14
- Target
  
  336cdd146beca939c6d1e3e3c00cc10ec2d6e859a18d350bff937ad5194c27da
- Size
  
  833KB
- MD5
  
  97406f2cee93cdb660848c99e6d291e6
- SHA1
  
  17aa4ce85e931fdf383b864144a3c1b6e68f91e2
- SHA256
  
  336cdd146beca939c6d1e3e3c00cc10ec2d6e859a18d350bff937ad5194c27da
- SHA512
  
  4884d65111c7da44832d30eb0cd7bcee9aceb6de24a610eb0709960d1276ad963214b8c620b14960a43319b0d77da7af3f622a5d6f1d36f31190ac2c641be4ef
Score

10^/10

qakbot tr 1632730751 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  417c1828d98ba4f05f7a2edb71a9105f0aebf3d554393970b96e59d4db7b4473
- Size
  
  359KB
- MD5
  
  4f18fd01d6afd232553fbbf602b2a4e2
- SHA1
  
  e50a8e3bfb891dc723f5c7fc2276055102d0a097
- SHA256
  
  417c1828d98ba4f05f7a2edb71a9105f0aebf3d554393970b96e59d4db7b4473
- SHA512
  
  750493256643799b3de954298874f6df1d87bf6fd3afa259689af2ba9159374f274937490be6159650237a74778e5565e4f9d4e5e359f9e71cc1c5fd385b4dd3
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
behavioral17 behavioral18
- Target
  
  4d3095c7965c7bdd32b81b72c95f767134915cf08ebe1237721ed5208de4beee
- Size
  
  488KB
- MD5
  
  7f0b9d11c95a65e9e9f87b2341bb01ad
- SHA1
  
  93abbf5758c39672d69502690b5e4003a47f9e72
- SHA256
  
  4d3095c7965c7bdd32b81b72c95f767134915cf08ebe1237721ed5208de4beee
- SHA512
  
  eb81b291a55ab91dfaef4a64661b2325c594890ebbcb71b00d5029275c1b7ec43880d85737fceba3c0de1cd20ed94ffa7a9112424c3ef25fd0e21e586a329648
Score

10^/10

qakbot obama101 1632228858 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  54e526fe059a3f25cdaed954e32f44eadffb3e51548658409468dcf2d63b634c
- Size
  
  398KB
- MD5
  
  36e57cea07affea16fa5921d348021dc
- SHA1
  
  822d62e274e51516318fea9a12a0c6237d964782
- SHA256
  
  54e526fe059a3f25cdaed954e32f44eadffb3e51548658409468dcf2d63b634c
- SHA512
  
  3bfd989132682eaf3a14f143a7d93e00ba3a2d35ead9cffd5aeb394e8d9040b679191094e0ab1c1393aa22cc2a20e59b9c0ca88bc661793ab2b02fdb92d90c54
Score

1^/10
behavioral21 behavioral22
- Target
  
  6402b33d729c8bb44881747a8f397f4aec408bf5e18b9af6fd86cdfa3f96323b
- Size
  
  235KB
- MD5
  
  8e37795097400f6a609525749d154cd0
- SHA1
  
  8e1502c2aa56e6a8c7c1d2c75f3946332a5bb8c0
- SHA256
  
  6402b33d729c8bb44881747a8f397f4aec408bf5e18b9af6fd86cdfa3f96323b
- SHA512
  
  c7453b8f50e557a5990ac3708931845eeb6dc2992cd907d5534733524f523226d8d013be6e09bb2b5210f6f5ad2303625f8998a5111d3b0925bb4228b6c9152a
Score

10^/10

squirrelwaffle downloader
- SquirrelWaffle is a simple downloader written in C++.
  SquirrelWaffle.
  downloader squirrelwaffle
- Squirrelwaffle Payload
- Blocklisted process makes network request
behavioral23 behavioral24
- Target
  
  64c044cb3ec26babdd17107b2aa6ded60b22473c4e2943e1fcc03df8bc2e0edb
- Size
  
  439KB
- MD5
  
  22aef4558853a72dd07ff9513a6b9dbf
- SHA1
  
  52a914b43dfa44910ab649be77a57db631d038ee
- SHA256
  
  64c044cb3ec26babdd17107b2aa6ded60b22473c4e2943e1fcc03df8bc2e0edb
- SHA512
  
  550f72f4d6186869893b2dc6536b3ce9bcb7843b0db726a1d9fb118291b1e96d642dfb57369b85ff58c41b38d6c40f6853d1da752f589aa419cb1f4d35381be4
Score

10^/10

squirrelwaffle downloader
- SquirrelWaffle is a simple downloader written in C++.
  SquirrelWaffle.
  downloader squirrelwaffle
- Squirrelwaffle Payload
behavioral25 behavioral26
- Target
  
  671f477c3039786c5f3553760377be03b91bfb66f31ba9370ed2193192cf5b4e
- Size
  
  334KB
- MD5
  
  84a32095bcbc0ed694f09f1dd8f2a70f
- SHA1
  
  23f7334db6979f04d5a2a9a846f82c526bfe6736
- SHA256
  
  671f477c3039786c5f3553760377be03b91bfb66f31ba9370ed2193192cf5b4e
- SHA512
  
  e3db14700e24210d1e2f1c19fcbb1b7074d73f5cdc4cbaf737b9a92a4f3b8d9b71efaa450aac9f7f4baef1ca8463f0668a3d72b888e0d39195e4c6115de5012a
Score

10^/10

squirrelwaffle downloader
- SquirrelWaffle is a simple downloader written in C++.
  SquirrelWaffle.
  downloader squirrelwaffle
- Squirrelwaffle Payload
- Blocklisted process makes network request
behavioral27 behavioral28
- Target
  
  67785724b67ecd79b7cd4c64a249794b9abda8b680fe52a0ce85bb83ddfb6cce
- Size
  
  1.4MB
- MD5
  
  c00e0c5f7cf5ca5a1ecaf2f52cb0fe3f
- SHA1
  
  943f28aaad96f667c5afc9480f14f06701b6faf1
- SHA256
  
  67785724b67ecd79b7cd4c64a249794b9abda8b680fe52a0ce85bb83ddfb6cce
- SHA512
  
  685b3472e5a9f11fa21bc21b4c213256aaa23ed12db109ceb410f018df4e24114628ae9c6088d43e438d8f756f18dcad83797ee39562eb17c0131f1aa4133078
Score

3^/10
behavioral29 behavioral30
- Target
  
  6c6934613abde41f82043bb7c269a1e614920a83a2b90eaf325ca7b998183efb
- Size
  
  172KB
- MD5
  
  f943853cddc15b59823962b28f08b809
- SHA1
  
  3e46675756a6f0dc722c620f3bc12610fe27c010
- SHA256
  
  6c6934613abde41f82043bb7c269a1e614920a83a2b90eaf325ca7b998183efb
- SHA512
  
  1a524916b6af5b071e2d4e533fb302b062383c2edb941a7a6e3d9e92897b2e7f612aa444eeff8c4de6499421f3823d54efa9b375b22c0fe6d301ff1bcb632985
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Qakbot/Qbot

Windows security bypass

Loads dropped DLL

Qakbot/Qbot

Loads dropped DLL

Qakbot/Qbot

Loads dropped DLL

SquirrelWaffle is a simple downloader written in C++.

Squirrelwaffle Payload

Blocklisted process makes network request

SquirrelWaffle is a simple downloader written in C++.

Squirrelwaffle Payload

Bazar Loader

Bazar/Team9 Loader payload

Qakbot/Qbot

Loads dropped DLL

Bazar Loader

Bazar/Team9 Loader payload

Qakbot/Qbot

Loads dropped DLL

SquirrelWaffle is a simple downloader written in C++.

Squirrelwaffle Payload

Blocklisted process makes network request

SquirrelWaffle is a simple downloader written in C++.

Squirrelwaffle Payload

SquirrelWaffle is a simple downloader written in C++.

Squirrelwaffle Payload

Blocklisted process makes network request

Bazar Loader

Bazar/Team9 Loader payload

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32