Extracted

• • Target

    ORDER28033.xls.vbs

  • Size

    234KB

  • MD5

    ca001aafd820f9bfa17f8449f920ef6c

  • SHA1

    bf11ec3800446dd070575a05a6eee335ca4102a6

  • SHA256

    0553b17fec9602ac18d015f7f9278faedc2897e7d3d5000862ed73f26b741b0f

  • SHA512

    7efa3e5e38158921a997370131988cce1addb11ede472a311a3ea9a724844994a98e5c5f12ecce51863ba36ff6696e0c5c0ceb9879eaf9948fa0f92ca94026da

  • SSDEEP

    768:ryx8QibbbAtQjG3+K3ElKBEjfTRUXxSDoy7ZCoCIL5fBJfdfY:61

  Score

  10^/10

  wshratpersistencetrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2