General

  • Target

    scan002341.js

  • Size

    993KB

  • Sample

    210707-f71zrxfe6e

  • MD5

    ca10ec548003f9223a54454a91cee868

  • SHA1

    805ec3707a515c27fbd518822ff9df0fc34c3cd6

  • SHA256

    aea11364aeed95ab19fbab4719b7b3c1e47521a12c602fe74d1f0efaa4016999

  • SHA512

    751a0181f8cd31d0efdc70ebabaf2812193c31489066f1ab191907217fb078916f83fed9f54084cc40368fe04b765089675377ad8aba9a7368a0434789894d39

Targets

    • Target

      scan002341.js

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
