General

  • Target

    e0bf0ac97cac5a4bffa907ebd81bcb687904f42a600b87ecb0e73bd808c7701a

  • Size

    269KB

  • Sample

    220121-2z3rnscah6

  • MD5

    a51ca1527549bfb42ac08e5ad0bb10a6

  • SHA1

    4d4e0f43435052113d12d06504417a3b58ba44d9

  • SHA256

    e0bf0ac97cac5a4bffa907ebd81bcb687904f42a600b87ecb0e73bd808c7701a

  • SHA512

    eab406ff74aae30d57de51ddd8a520db6ea4dfdf868526dc0c8b83b04d547401dab99d37dc118e5060a68c5dd6e2ea95f2d46b54916d6277a4929e053b8ad926

Malware Config

Extracted

Family

squirrelwaffle

C2

http://deanandwilconstruction.com/UXEvfuIlhws

http://arimeto.lv/Nm70oAfwB

http://gitamschool.com/oZbs0Oqw7uv

http://eresourcesmoneymarket.com/JbVwdgaV6l

http://flyershipmanager.com/SGAsORYsywt

Attributes
  • blocklist

    94.46.179.80

    206.189.205.251

    88.242.66.45

    85.75.110.214

    87.104.3.136

    207.244.91.171

    49.230.88.160

    91.149.252.75

    91.149.252.88

    92.211.109.152

    178.0.250.168

    88.69.16.230

    95.223.77.160

    99.234.62.23

    2.206.105.223

    84.222.8.201

    89.183.239.142

    5.146.132.101

    77.7.60.154

    45.41.106.122

    45.74.72.13

    74.58.152.123

    88.87.68.197

    109.70.100.25

    185.67.82.114

    207.102.138.19

    204.101.161.14

    193.128.108.251

    111.7.100.17

    111.7.100.16

Targets

    • Target

      e0bf0ac97cac5a4bffa907ebd81bcb687904f42a600b87ecb0e73bd808c7701a

    • Size

      269KB

    • MD5

      a51ca1527549bfb42ac08e5ad0bb10a6

    • SHA1

      4d4e0f43435052113d12d06504417a3b58ba44d9

    • SHA256

      e0bf0ac97cac5a4bffa907ebd81bcb687904f42a600b87ecb0e73bd808c7701a

    • SHA512

      eab406ff74aae30d57de51ddd8a520db6ea4dfdf868526dc0c8b83b04d547401dab99d37dc118e5060a68c5dd6e2ea95f2d46b54916d6277a4929e053b8ad926

    • SquirrelWaffle is a simple downloader written in C++.

      SquirrelWaffle.

    • Squirrelwaffle Payload

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks