Extracted

• • Target

    Quotation_230406A.vbs

  • Size

    271KB

  • MD5

    26dd4d56ebc911f4088bff1a4ba6d90d

  • SHA1

    81be8f4ad3eb8061da6722a8e69c4ca67c0c1a66

  • SHA256

    a3d0cbb2060021757f2514e9f190b1ac4d7d0ec79bc91351ed7a794ba05cab0a

  • SHA512

    2cb54bd272b2238a2168828e69c39e0c9ed9017690f08130927a71aa89e638419cce3d63e8e582ec151414c8c6bc94a56b2d5e937a56df182914e8ac6e0b3f59

  • SSDEEP

    768:DQsieR2wEfnsuuhjdVex8HWqHBACAaDHfj5BjW:wl

  Score

  10^/10

  wshratpersistencetrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2