General
-
Target
Finanzierung.js
-
Size
179KB
-
Sample
210318-5xn7x1l69e
-
MD5
0bc9b5360f88fc7228a93b15ac0a879a
-
SHA1
f1dd1957da7d8fd715bdcd5ce3579c30bd727e88
-
SHA256
262329afc152fa7205598cc6e67751a7b0634e65d2c15cbdb3d4da377a2408c1
-
SHA512
a44bd6b7e4c57b7784c96f8f0176d000a330f413b96f3dfe9221368fce37e28814d5aa8034ccfa0918348cfb174269afe94037a14301b9836e11ad119160cc45
Malware Config
Targets
-
-
Target
Finanzierung.js
-
Size
179KB
-
MD5
0bc9b5360f88fc7228a93b15ac0a879a
-
SHA1
f1dd1957da7d8fd715bdcd5ce3579c30bd727e88
-
SHA256
262329afc152fa7205598cc6e67751a7b0634e65d2c15cbdb3d4da377a2408c1
-
SHA512
a44bd6b7e4c57b7784c96f8f0176d000a330f413b96f3dfe9221368fce37e28814d5aa8034ccfa0918348cfb174269afe94037a14301b9836e11ad119160cc45
Score10/10-
WSHRAT
WSHRAT is a variant of Houdini worm and has vbs and js variants.
-
WSHRAT Payload
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-