General
-
Target
44012c0ca20d332de770aef31f2cc49b.exe
-
Size
606KB
-
Sample
221024-vctf6ahgbj
-
MD5
44012c0ca20d332de770aef31f2cc49b
-
SHA1
95fda94b60e6156e9c0b81086072b031c5414115
-
SHA256
3922ac9a1588e0d9d5946e71d95d065cc3cf64e776d792b105981e23220d096f
-
SHA512
e55c0629614d15589394f4fe47ad6ed3de342040c632426a1c3bf93cd24f9b3c16d8522d7a10b238166fb287c03427766afb5c992151631c6dab9a7c34432e2d
-
SSDEEP
12288:re3+DBTIES/VC1Qxow0/xloaTFx/qjM67jLZ/+bPb6mYG2ea3uzZ1/DjpZPQMsDc:yYIvaTfAeTkc
Static task
static1
Behavioral task
behavioral1
Sample
44012c0ca20d332de770aef31f2cc49b.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
44012c0ca20d332de770aef31f2cc49b.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://snkcyp.duckdns.org:3369
Targets
-
-
Target
44012c0ca20d332de770aef31f2cc49b.exe
-
Score
10/10
-
WSHRAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-