Extracted

• • Target

    Payment Copy.vbs

  • Size

    245KB

  • MD5

    6cf25c54bbf78ea413ad803fffe22b13

  • SHA1

    f0ff88f5a0279e5c36432c17551aeb22be1d156a

  • SHA256

    75f76d1f0ac721195b5521cf3ed4c980f757c0517046ecfdc24de3451852c67f

  • SHA512

    46aa06243670976bf6f4e9120e9f82abc74d500ed59478eba919d11d16258aca889f2f695d7895f546ffcbee630cd0f29ccdb6572f52f4e76cd73e7c52473492

  • SSDEEP

    768:2CGOM8Mukd+YyZ2bcSKGDJ5h8HAzmMPziai2f3Dxz7Jc:2C/Mm+bG

  Score

  10^/10

  wshratpersistencetrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2