General

  • Target

    scan23421.js

  • Size

    992KB

  • Sample

    210707-fefjbsq7j6

  • MD5

    cb60009572a19049b91278e09e9bed49

  • SHA1

    1bcd5a69c3f28bc00d22533f774fd43b06279d14

  • SHA256

    fe5e2a9329cebb7abf2422e401032c90d1a669a6209b00c5fe40f66e664c2d9d

  • SHA512

    d26be73534283c1ff33cfbfb5c0f43d5c8e31ea4aea7675dc6664da45bb9f0eca8eadb56ea6e150caf5e4a464c1a8e7077039f156a1e36bf7565a9a1b160ff01

Targets

    • Target

      scan23421.js

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
