General

  • Target

    a2d87864e4ae3f37438382c7059d1db8.bin

  • Size

    221KB

  • Sample

    230310-b42r3ach8w

  • MD5

    f327cfdbaeccd91a5b5a0b063e582c98

  • SHA1

    89b58a1194e9a683333ffad80aebfcc236a7fb0a

  • SHA256

    65043e29aee119453c03b9699691225c7301b7cea52fadf5c516cadf3b64bab5

  • SHA512

    37399e873e7412b15be234cf0ab2c673fa2889762e22214e053ca3ec8c3348adc7ebe3dbd0d4c569727c0c85626f07b86e4fe01c82d9348baeddb20cfe5ba606

  • SSDEEP

    3072:JqE8SQKKJd1RGDi+qQZQtlMis67EbUY2gndJtmosxEN2XhNkd8qLSIvyc32LijSA:gKQZ9GjUl6bz/mosu5z9zSZuHf

Malware Config

Extracted

Family

wshrat

C2

http://45.90.222.125:7121

Targets

    • Target

      8238be6c23aee13f83faffb0a2ac1abcb1a698fd87c48aa8f2cd2a36a4a29140.js

    • Size

      1.3MB

    • MD5

      a2d87864e4ae3f37438382c7059d1db8

    • SHA1

      e9fb58de42c5a06f79f2e5121240134402a6c61c

    • SHA256

      8238be6c23aee13f83faffb0a2ac1abcb1a698fd87c48aa8f2cd2a36a4a29140

    • SHA512

      e283e05fb8d43bb1955a47df1ce89834133c45f98b738df775112be8c122cb4d902e637424901ef6cb31d494f834c8bb05cf629743bb2d2e66f4724bca9e8fbf

    • SSDEEP

      6144:m427cWqyvMWQ4jn9SLjCFmKm+GkM27AhrqxV4ENyrWVvBUk/h+N+ZzGwRmwTeXOZ:sP

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
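
The indicators above (file hashes and the C2 endpoint) can be turned into a small offline checker. The following is an added example and not part of the sandbox report: the hash values, file names and C2 address are copied from the report; the sample egress-log lines, their key=value field names (src, dst, dport, app) and the empty-file bytes are constructed here as assumptions about a generic firewall or proxy log format. It matches any connection to the C2 host regardless of port, since the port in an extracted config can change between campaigns, and records separately whether the report's port was used.

```python
"""IOC checks built from the sandbox report above (added example, not from the report)."""
import hashlib
import re
import sys
from pathlib import Path

# Network indicator copied from the report's "Malware Config" section.
C2_HOST = "45.90.222.125"
C2_PORT = 7121
C2_URL = f"http://{C2_HOST}:{C2_PORT}"

# File names copied from the report. The submitted .bin is named after the
# MD5 of the WSHRAT .js it contains.
BIN_NAME = "a2d87864e4ae3f37438382c7059d1db8.bin"
JS_NAME = "8238be6c23aee13f83faffb0a2ac1abcb1a698fd87c48aa8f2cd2a36a4a29140.js"

# Hash indicators copied from the report, keyed by algorithm then hex digest.
IOC_HASHES = {
    "md5": {
        "f327cfdbaeccd91a5b5a0b063e582c98": BIN_NAME,
        "a2d87864e4ae3f37438382c7059d1db8": JS_NAME,
    },
    "sha1": {
        "89b58a1194e9a683333ffad80aebfcc236a7fb0a": BIN_NAME,
        "e9fb58de42c5a06f79f2e5121240134402a6c61c": JS_NAME,
    },
    "sha256": {
        "65043e29aee119453c03b9699691225c7301b7cea52fadf5c516cadf3b64bab5": BIN_NAME,
        "8238be6c23aee13f83faffb0a2ac1abcb1a698fd87c48aa8f2cd2a36a4a29140": JS_NAME,
    },
}


def digests(data: bytes) -> dict[str, str]:
    """MD5, SHA1 and SHA256 hex digests of a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(found: dict[str, str]) -> set[str]:
    """Return the report file names whose hashes appear among the given digests.

    Digests are compared case-insensitively; unknown algorithms are ignored.
    """
    return {
        IOC_HASHES[algo][value.lower()]
        for algo, value in found.items()
        if algo in IOC_HASHES and value.lower() in IOC_HASHES[algo]
    }


def scan_file(path: Path) -> set[str]:
    """Hash a file on disk and report which indicator(s) it matches."""
    return match_hashes(digests(path.read_bytes()))


# Constructed egress-log lines (not from the report) in a key=value style.
# Line 3 reaches the C2 host on a different port; line 4 was denied.
SAMPLE_LOG = """\
2023-03-10T09:14:02Z action=allow src=10.20.4.17 dst=45.90.222.125 dport=7121 proto=tcp app=wscript.exe
2023-03-10T09:14:03Z action=allow src=10.20.4.17 dst=93.184.216.34 dport=443 proto=tcp app=msedge.exe
2023-03-10T09:14:09Z action=allow src=10.20.4.17 dst=45.90.222.125 dport=80 proto=tcp app=wscript.exe
2023-03-10T09:15:41Z action=deny src=10.20.4.22 dst=45.90.222.125 dport=7121 proto=tcp app=wscript.exe
"""

KV = re.compile(r"(\w+)=(\S+)")


def find_c2_hits(log_text: str) -> list[dict]:
    """Flag every line whose destination is the C2 host.

    Each hit keeps the parsed fields, the leading timestamp, and a boolean
    'c2_port_match' telling whether the port from the extracted config was used.
    """
    hits = []
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        if fields.get("dst") != C2_HOST:
            continue
        fields["timestamp"] = line.split(" ", 1)[0]
        fields["c2_port_match"] = fields.get("dport") == str(C2_PORT)
        hits.append(fields)
    return hits


if __name__ == "__main__":
    # Usage: python ioc_check.py [file ...]; files are hashed, then the
    # constructed sample log is scanned for C2 traffic.
    for arg in sys.argv[1:]:
        print(arg, "->", scan_file(Path(arg)) or "no match")
    for hit in find_c2_hits(SAMPLE_LOG):
        print(hit["timestamp"], hit["src"], "->", C2_HOST, hit["dport"],
              "config port" if hit["c2_port_match"] else "other port", hit.get("app"))
```

Hashes pin the exact files seen in this sandbox run and will miss repacked copies; the host-level hit, and the process name (wscript.exe in the constructed lines) making the request, are the signals that survive a re-hashed payload.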

MITRE ATT&CK Enterprise v6

Tasks