squirrelwaffle | e7ac9f53c50a250c0e1eb8382f0e2c758080097bb28411ea740f8500ca9d7dcf

Sharing

Copy URL

Twitter E-mail

General

Target

e7ac9f53c50a250c0e1eb8382f0e2c758080097bb28411ea740f8500ca9d7dcf
Size

68KB
MD5

62e1e817844260d73cee89b4ee9d8fab
SHA1

0fd6ce224809700abd6d8625cec6c3f32fab01ba
SHA256

e7ac9f53c50a250c0e1eb8382f0e2c758080097bb28411ea740f8500ca9d7dcf
SHA512

13b51df16b354f936cf0e52a528ea1bdd1252409b4e3986b4621cb125c6119a8a5a303520afb5d67034253323ea6d7220e3f86e19b9d49769f48e0c5917fc581
SSDEEP

1536:IopYCSIkbiXKfAUQ/MxPx0wL0yi712xkA:IopYCSIk2Sxqwy0xkA

Score

10^/10

squirrelwaffle

Malware Config

Extracted

Family

squirrelwaffle

http://spiritofprespa.com/9783Tci2SGF6

http://amjsys.com/RIZszf8vR

http://hrms.prodigygroupindia.com/SKyufGZV

http://centralfloridaasphalt.com/GCN0FChS

http://jhehosting.com/rUuKheB7

http://shoeclearanceoutlet.co.uk/46awDTJjI4l

http://kmslogistik.com/aS1mjTkJIy

http://bartek-lenart.pl/1bWJ57V9vx

http://voip.voipcallhub.com/ZVmfdGHs4T

http://mercyfoundationcio.org/XF9aQrXnakeG

http://key4net.com/a8A2kcc1J

http://chaturanga.groopy.com/mxN3lxZoVApc

http://voipcallhub.com/ilGht5r26

http://ems.prodigygroupindia.com/v5RvVJTz

http://novamarketing.com.pk/k8l36uus

http://lenartsa.webd.pro/fz16DjmKmHtl

http://lead.jhinfotech.co/YERjiAMaupaz

Attributes

blocklist
94.46.179.80

206.189.205.251

88.242.66.45

85.75.110.214

87.104.3.136

207.244.91.171

49.230.88.160

91.149.252.75

91.149.252.88

92.211.109.152

178.0.250.168

88.69.16.230

95.223.77.160

99.234.62.23

2.206.105.223

84.222.8.201

89.183.239.142

5.146.132.101

77.7.60.154

45.41.106.122

45.74.72.13

74.58.152.123

88.87.68.197

211.107.25.121

109.70.100.25

185.67.82.114

207.102.138.19

204.101.161.14

193.128.108.251

111.7.100.17

111.7.100.16

74.125.210.62

74.125.210.36

104.244.74.57

185.220.101.145

185.220.101.144

185.220.101.18

185.220.100.246

185.220.101.228

185.220.100.243

185.220.101.229

185.220.101.147

185.220.102.250

185.220.100.241

199.195.251.84

213.164.204.94

74.125.213.7

74.125.213.9

185.220.100.249

37.71.173.58

93.2.220.100

188.10.191.109

81.36.17.247

70.28.47.118

45.133.172.222

108.41.227.196

37.235.53.46

162.216.47.22

154.3.42.51

45.86.200.60

212.230.181.152

185.192.70.11

14.33.131.72

94.46.179.80

206.189.205.251

178.255.172.194

84.221.205.40

155.138.242.103

178.212.98.156

85.65.32.191

31.167.184.201

88.242.66.45

36.65.102.42

203.213.127.79

85.75.110.214

93.78.214.187

204.152.81.185

183.171.72.218

168.194.101.130

87.104.3.136

92.211.196.33

197.92.140.125

207.244.91.171

49.230.88.160

196.74.16.153

91.149.252.75

91.149.252.88

92.206.15.202

82.21.114.63

92.211.109.152

178.0.250.168

178.203.145.135

85.210.36.4

199.83.207.72

86.132.134.203

88.69.16.230

99.247.129.88

37.201.195.12

87.140.192.0

88.152.185.188

87.156.177.91

99.229.57.160

95.223.77.160

88.130.54.214

99.234.62.23

2.206.105.223

94.134.179.130

84.221.255.199

84.222.8.201

89.183.239.142

87.158.21.26

93.206.148.216

5.146.132.101

77.7.60.154

95.223.75.85

162.254.173.187

50.99.254.163

45.41.106.122

99.237.13.3

45.74.72.13

108.171.64.202

74.58.152.123

216.209.253.121

88.87.68.197

211.107.25.121

109.70.100.25

185.67.82.114

207.102.138.19

204.101.161.14

193.128.108.251

111.7.100.17

111.7.100.16

74.125.210.62

74.125.210.36

104.244.74.57

185.220.101.145

185.220.101.144

185.220.101.18

185.220.100.246

185.220.101.228

185.220.100.243

185.220.101.229

185.220.101.147

185.220.102.250

Signatures

Squirrelwaffle Payload 1 IoCs

resource	yara_rule
sample	squirrelwaffle

Squirrelwaffle family
squirrelwaffle

Files

e7ac9f53c50a250c0e1eb8382f0e2c758080097bb28411ea740f8500ca9d7dcf
.dll windows x86

24db4c5335e3ccc485414b83a37ed6b7

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameW
WinExec
SetUnhandledExceptionFilter
Sleep
HeapFree
GetCurrentProcess
GetProcessHeap
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
HeapAlloc
UnhandledExceptionFilter

advapi32

GetUserNameW

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?_Xout_of_range@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ

iphlpapi

GetAdaptersInfo

ws2_32

getaddrinfo
socket
WSAStartup
recv
WSACleanup
connect
closesocket
freeaddrinfo
send
shutdown

netapi32

NetApiBufferFree
NetWkstaGetInfo

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
_except_handler4_common
__std_type_info_destroy_list
memmove
memchr
memcpy
__std_terminate
memset

api-ms-win-crt-stdio-l1-1-0

fgetc
fputc
ungetc
_get_stream_buffer_pointers
fflush
fwrite
fgetpos
_fseeki64
fsetpos
__stdio_common_vfprintf
__acrt_iob_func
setvbuf
fclose

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
signal
system
_errno
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
terminate
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-time-l1-1-0

_localtime32_s
asctime_s
_time64
_localtime64

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-string-l1-1-0

isalnum

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

Exports

Exports

ldr

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

24db4c5335e3ccc485414b83a37ed6b7

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp140

iphlpapi

ws2_32

netapi32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB