squirrelwaffle | aa9707a92f02c46e6ab8611c233b208506bc6a358a2e78a60b74d6859ddfd5e8

General

Target

aa9707a92f02c46e6ab8611c233b208506bc6a358a2e78a60b74d6859ddfd5e8
Size

68KB
Sample

211113-v6kfcaccbl
MD5

35b95a6e1a9c965e3f169d6802a53280
SHA1

3b27f9e01d12d9433ec7afcc82ab45d6892b6a7c
SHA256

aa9707a92f02c46e6ab8611c233b208506bc6a358a2e78a60b74d6859ddfd5e8
SHA512

542a814fac99adcf4978a8e4695bdd023bfdb78937f100104e1ecad93a27e093f95e121e19b9bb3dbdd6a16f39bc80b782d477609a5783b551a3368cf81c4809

Score

10^/10

squirrelwaffle suricata

Malware Config

Extracted

Family

squirrelwaffle

C2

http://spiritofprespa.com/9783Tci2SGF6

http://amjsys.com/RIZszf8vR

http://hrms.prodigygroupindia.com/SKyufGZV

http://centralfloridaasphalt.com/GCN0FChS

http://jhehosting.com/rUuKheB7

http://shoeclearanceoutlet.co.uk/46awDTJjI4l

http://kmslogistik.com/aS1mjTkJIy

http://bartek-lenart.pl/1bWJ57V9vx

http://voip.voipcallhub.com/ZVmfdGHs4T

http://mercyfoundationcio.org/XF9aQrXnakeG

http://key4net.com/a8A2kcc1J

http://chaturanga.groopy.com/mxN3lxZoVApc

http://voipcallhub.com/ilGht5r26

http://ems.prodigygroupindia.com/v5RvVJTz

http://novamarketing.com.pk/k8l36uus

http://lenartsa.webd.pro/fz16DjmKmHtl

http://lead.jhinfotech.co/YERjiAMaupaz

Attributes

blocklist
94.46.179.80

206.189.205.251

88.242.66.45

85.75.110.214

87.104.3.136

207.244.91.171

49.230.88.160

91.149.252.75

91.149.252.88

92.211.109.152

178.0.250.168

88.69.16.230

95.223.77.160

99.234.62.23

2.206.105.223

84.222.8.201

89.183.239.142

5.146.132.101

77.7.60.154

45.41.106.122

45.74.72.13

74.58.152.123

88.87.68.197

211.107.25.121

109.70.100.25

185.67.82.114

207.102.138.19

204.101.161.14

193.128.108.251

111.7.100.17

111.7.100.16

74.125.210.62

74.125.210.36

104.244.74.57

185.220.101.145

185.220.101.144

185.220.101.18

185.220.100.246

185.220.101.228

185.220.100.243

185.220.101.229

185.220.101.147

185.220.102.250

185.220.100.241

199.195.251.84

213.164.204.94

74.125.213.7

74.125.213.9

185.220.100.249

37.71.173.58

93.2.220.100

188.10.191.109

81.36.17.247

70.28.47.118

45.133.172.222

108.41.227.196

37.235.53.46

162.216.47.22

154.3.42.51

45.86.200.60

212.230.181.152

185.192.70.11

14.33.131.72

94.46.179.80

206.189.205.251

178.255.172.194

84.221.205.40

155.138.242.103

178.212.98.156

85.65.32.191

31.167.184.201

88.242.66.45

36.65.102.42

203.213.127.79

85.75.110.214

93.78.214.187

204.152.81.185

183.171.72.218

168.194.101.130

87.104.3.136

92.211.196.33

197.92.140.125

207.244.91.171

49.230.88.160

196.74.16.153

91.149.252.75

91.149.252.88

92.206.15.202

82.21.114.63

92.211.109.152

178.0.250.168

178.203.145.135

85.210.36.4

199.83.207.72

86.132.134.203

88.69.16.230

99.247.129.88

37.201.195.12

87.140.192.0

88.152.185.188

87.156.177.91

99.229.57.160

95.223.77.160

88.130.54.214

99.234.62.23

2.206.105.223

94.134.179.130

84.221.255.199

84.222.8.201

89.183.239.142

87.158.21.26

93.206.148.216

5.146.132.101

77.7.60.154

95.223.75.85

162.254.173.187

50.99.254.163

45.41.106.122

99.237.13.3

45.74.72.13

108.171.64.202

74.58.152.123

216.209.253.121

88.87.68.197

211.107.25.121

109.70.100.25

185.67.82.114

207.102.138.19

204.101.161.14

193.128.108.251

111.7.100.17

111.7.100.16

74.125.210.62

74.125.210.36

104.244.74.57

185.220.101.145

185.220.101.144

185.220.101.18

185.220.100.246

185.220.101.228

185.220.100.243

185.220.101.229

185.220.101.147

185.220.102.250

Targets

- Target
  
  aa9707a92f02c46e6ab8611c233b208506bc6a358a2e78a60b74d6859ddfd5e8
- Size
  
  68KB
- MD5
  
  35b95a6e1a9c965e3f169d6802a53280
- SHA1
  
  3b27f9e01d12d9433ec7afcc82ab45d6892b6a7c
- SHA256
  
  aa9707a92f02c46e6ab8611c233b208506bc6a358a2e78a60b74d6859ddfd5e8
- SHA512
  
  542a814fac99adcf4978a8e4695bdd023bfdb78937f100104e1ecad93a27e093f95e121e19b9bb3dbdd6a16f39bc80b782d477609a5783b551a3368cf81c4809
Score

10^/10

suricata
- suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
  suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
  suricata
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)

Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2