squirrelwaffle | 18cd9e697d749314e471c97e33b821847229c4347fc6f438a5f9d7fa61f6f0dd

General

Target

18cd9e697d749314e471c97e33b821847229c4347fc6f438a5f9d7fa61f6f0dd
Size

52KB
Sample

211113-v6gz8accan
MD5

20de10e77bb365175635770e32fe0e95
SHA1

934d2331b6b1770d8c4fa95e9066a67c2411266c
SHA256

18cd9e697d749314e471c97e33b821847229c4347fc6f438a5f9d7fa61f6f0dd
SHA512

d0cf60988b95797aaeaed077ea8c97ce023056a12c725aa274dadbce1a1c94ba0603c24793c4d708650ccfdbd21c6e2e2af90a8561d5ac7cef1c5eb5da40be19

Score

10^/10

squirrelwaffle suricata

Malware Config

Extracted

Family

squirrelwaffle

C2

http://msrsac.com/nvaaLwe9

http://u522712.gluweb.nl/n2fshwgq

http://serverplanner.com/LkkAWHLc8

http://bengali.iu.ac.bd/xNM4FTUzqRRk

http://owfix.net/NVNCI3qMl4

http://pcbsi.com.ph/IcLNSd9sO

http://enlacelaboral.com/3cKldxdt

Attributes

blocklist
94.46.179.80

206.189.205.251

88.242.66.45

36.65.102.42

85.75.110.214

93.78.214.187

87.104.3.136

207.244.91.171

49.230.88.160

91.149.252.75

91.149.252.88

92.211.109.152

178.0.250.168

178.203.145.135

88.69.16.230

95.223.77.160

99.234.62.23

2.206.105.223

84.222.8.201

89.183.239.142

93.206.148.216

5.146.132.101

77.7.60.154

45.41.106.122

45.74.72.13

74.58.152.123

88.87.68.197

211.107.25.121

109.70.100.25

185.67.82.114

207.102.138.19

204.101.161.14

193.128.108.251

111.7.100.17

111.7.100.16

74.125.210.62

74.125.210.36

104.244.74.57

185.220.101.145

185.220.101.144

185.220.101.18

185.220.100.246

185.220.101.228

185.220.100.243

185.220.101.229

185.220.101.147

185.220.102.250

94.46.179.80

206.189.205.251

178.255.172.194

84.221.205.40

155.138.242.103

178.212.98.156

85.65.32.191

31.167.184.201

88.242.66.45

36.65.102.42

203.213.127.79

85.75.110.214

93.78.214.187

204.152.81.185

183.171.72.218

168.194.101.130

87.104.3.136

92.211.196.33

197.92.140.125

207.244.91.171

49.230.88.160

196.74.16.153

91.149.252.75

91.149.252.88

92.206.15.202

82.21.114.63

92.211.109.152

178.0.250.168

178.203.145.135

85.210.36.4

199.83.207.72

86.132.134.203

88.69.16.230

99.247.129.88

37.201.195.12

87.140.192.0

88.152.185.188

87.156.177.91

99.229.57.160

95.223.77.160

88.130.54.214

99.234.62.23

2.206.105.223

94.134.179.130

84.221.255.199

84.222.8.201

89.183.239.142

87.158.21.26

93.206.148.216

5.146.132.101

77.7.60.154

95.223.75.85

162.254.173.187

50.99.254.163

45.41.106.122

99.237.13.3

45.74.72.13

108.171.64.202

74.58.152.123

216.209.253.121

88.87.68.197

211.107.25.121

109.70.100.25

185.67.82.114

207.102.138.19

204.101.161.14

193.128.108.251

Targets

- Target
  
  18cd9e697d749314e471c97e33b821847229c4347fc6f438a5f9d7fa61f6f0dd
- Size
  
  52KB
- MD5
  
  20de10e77bb365175635770e32fe0e95
- SHA1
  
  934d2331b6b1770d8c4fa95e9066a67c2411266c
- SHA256
  
  18cd9e697d749314e471c97e33b821847229c4347fc6f438a5f9d7fa61f6f0dd
- SHA512
  
  d0cf60988b95797aaeaed077ea8c97ce023056a12c725aa274dadbce1a1c94ba0603c24793c4d708650ccfdbd21c6e2e2af90a8561d5ac7cef1c5eb5da40be19
Score

10^/10

suricata
- suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
  suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
  suricata
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)

Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2