Extracted

• • Target

    ca8c51adb24f855f6e92f107ccb4b782081661d8a5288b08bf4fd5911ae02585.vbs

  • Size

    273KB

  • MD5

    a82190a1aa4c07cf23e80083694ae1fd

  • SHA1

    d62b8414e9872584c1498584b68b61e5a0e4dd26

  • SHA256

    ca8c51adb24f855f6e92f107ccb4b782081661d8a5288b08bf4fd5911ae02585

  • SHA512

    6b594b492aac69dfe0e2ff352b9ce131293bb4acdf7a9391200d1da8bd378f241160510da03cb53e1551a240dd90a1e773c9f35064b9cf5cd70dd4bc82b2f01f

  • SSDEEP

    384:B3gLoLuSIMHELTMbseb4jxvTuh0I6EJG7T7EYXDL787OD3Hk2YeE1dDvJuVGKrhh:r/i

  Score

  10^/10

  wshratpersistencetrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2