wshrat | ba25eeb1352d5aab2e09eaa942324510ecd964671e7def1e158c3a543534ca1b | Triage

Submit
Reports

Overview

overview

Static

static

f94bfce538...5d1.js

windows7_x64

f94bfce538...5d1.js

windows10_x64

Sharing

General

Target

f94bfce5384f10201df977d67ea6c5d1.js
Size

179KB
Sample

210316-144qqm6zqa
MD5

f94bfce5384f10201df977d67ea6c5d1
SHA1

fb5f56e7e554d466b6ca7264c2748826daac8cc7
SHA256

ba25eeb1352d5aab2e09eaa942324510ecd964671e7def1e158c3a543534ca1b
SHA512

492e18b7a219734a9564bd330f5350582bd3c01d72ce0eb491343777d32dec5162c6deaf2c97ee6d6f68e1e2a025182dc20312fc4fe7c1024e0970ab1056ef65

Score

10^/10

wshrat persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

f94bfce5384f10201df977d67ea6c5d1.js

Resource

win7v20201028

wshrat persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f94bfce5384f10201df977d67ea6c5d1.js

Resource

win10v20201028

wshrat persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f94bfce5384f10201df977d67ea6c5d1.js
- Size
  
  179KB
- MD5
  
  f94bfce5384f10201df977d67ea6c5d1
- SHA1
  
  fb5f56e7e554d466b6ca7264c2748826daac8cc7
- SHA256
  
  ba25eeb1352d5aab2e09eaa942324510ecd964671e7def1e158c3a543534ca1b
- SHA512
  
  492e18b7a219734a9564bd330f5350582bd3c01d72ce0eb491343777d32dec5162c6deaf2c97ee6d6f68e1e2a025182dc20312fc4fe7c1024e0970ab1056ef65
Score

10^/10

wshrat persistence trojan
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- WSHRAT Payload
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wshratpersistencetrojan

behavioral2

wshratpersistencetrojan

© 2018-2024

Terms | Privacy