Sunday, May 22, 2022

SQUIRRELWAFFLE – Analysing The Main Loader

This is a follow-up to my last post on unpacking SQUIRRELWAFFLE’s custom packer. In this post, we will take a look at the main loader for this malware family, which is typically used for downloading and launching Cobalt Strike.

Since this is going to be a full analysis of this loader, we’ll be covering quite a lot. If you’re interested in following along, you can grab the sample from MalwareBazaar.

SHA256: d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167

Step 1: Entry Point

