Resubmissions

21-10-2021 20:58

211021-zskw6sagb2 10

21-10-2021 18:23

211021-w1rg5sbeek 10

General

  • Target

    test1.test

  • Size

    532KB

  • Sample

    211021-w1rg5sbeek

  • MD5

    510b2569ff4ed686227d4fafd4c04dfc

  • SHA1

    a311db42d9b019b7f1fa1337fb88772fad9175d2

  • SHA256

    653e066782817e5c09ca75786c3740b391dc7bbd8c76f38748c0d5e684b4292c

  • SHA512

    29d0fcece323c7c25e2126f2636d83d267d63f43095333f9346822d089a36b3bcf46bbd718483f2a51f2d183f3d2590b5d88a4d2148438b986af2a79b9b98061

Malware Config

Extracted

Family

squirrelwaffle

C2

Targets


    • SquirrelWaffle

      SquirrelWaffle is a simple downloader written in C++.

    • suricata: ET MALWARE Possible SQUIRRELWAFFLE Server Response

    • suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)

    • suricata: ET MALWARE SQUIRRELWAFFLE Server Response

    • Squirrelwaffle Payload

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks