General
-
Target
Documents for your perusal.js
-
Size
102KB
-
Sample
220617-ka911sdfd4
-
MD5
1b74efa2c0b35138eca8ecdfa3eba6e0
-
SHA1
e324b86548391b74f204ee8f338aaf346c8f041e
-
SHA256
acbd5ccfb8d60783405dd96a626ef0f1752b1676fbe813e1b95a592229598a49
-
SHA512
3e2555900a56cbd4c2b160c034700818a7a7397eed49ee3d1d3c47b72dedc435ee42789992947c52e62327b26cdf5f8ccd7fc37c45d28f56d2d05b5a13feebbd
Static task
static1
Behavioral task
behavioral1
Sample
Documents for your perusal.js
Resource
win7-20220414-en
Malware Config
Extracted
wshrat
http://79.134.225.5:8443
Targets
-
Target
Documents for your perusal.js
-
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-