General
-
Target
E-receipt #8992-WSH-276020222.js
-
Size
37KB
-
Sample
220628-y54pdacahr
-
MD5
85f9be3cfbb0cebf7a3f87530dce3297
-
SHA1
af0fe8f3ef7d964ddbe723106e54244d92b2f5e6
-
SHA256
7ea3bad5df5eacdf31f9bef34b6486c6e709feb5a796f582e6cafe5aea773940
-
SHA512
c1b60ec0aabaec7df0e6b37550c2811d43fe4ca6313c1462b14c434e85ec64c270d5ad03c274e0b131374cd58d166fe8764b615e935a8e26006800751014fe84
Static task
static1
Behavioral task
behavioral1
Sample
E-receipt #8992-WSH-276020222.js
Resource
win7-20220414-en
Malware Config
Extracted
wshrat
http://37.0.8.115:8992
Targets
-
-
Target
E-receipt #8992-WSH-276020222.js
-
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-