wshrat | 699fdfbf624be71c9c2b36081e22209aa7ad96dd5cedaf6fc0fcb1fd37720c1f | Triage

Submit
Reports

Overview

overview

Static

static

1

8430808dd1...e3b.js

windows7-x64

8430808dd1...e3b.js

windows10-2004-x64

Sharing

General

Target

0a72d138c339bdb349da3c3311ba42d9.bin
Size

218KB
Sample

230408-bct8xadc21
MD5

e657564b5e03c287683e3ea5f98e0d45
SHA1

0603bee8a2edc0bcd997a3035971bbf682de9b1f
SHA256

699fdfbf624be71c9c2b36081e22209aa7ad96dd5cedaf6fc0fcb1fd37720c1f
SHA512

b7aba009338b9ffb591bc09a340cb6f8cb4be2f69a8bd6ab70738f523f08bf5144b9c2e8fed7f10a26eeeb2a580f6af6d6960fed7ab1218a40e49563ef7354b3
SSDEEP

6144:eiRM/ZZKG6oENMLSwEMjaJp34vKWSC6vKqWEukDVy:0/ZUGQMmwEMjaJp3k56iqWEukg

Score

10^/10

wshrat trojan

Static task

static1

Behavioral task

behavioral1

Sample

8430808dd1aed6da9483dfe4c24a6747b65d3b542b407f462358c42a6a423e3b.js

Resource

win7-20230220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

8430808dd1aed6da9483dfe4c24a6747b65d3b542b407f462358c42a6a423e3b.js

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

- Target
  
  8430808dd1aed6da9483dfe4c24a6747b65d3b542b407f462358c42a6a423e3b.js
- Size
  
  1.1MB
- MD5
  
  0a72d138c339bdb349da3c3311ba42d9
- SHA1
  
  39d2a2aa91b20890b205e3afbfa6998316264ad9
- SHA256
  
  8430808dd1aed6da9483dfe4c24a6747b65d3b542b407f462358c42a6a423e3b
- SHA512
  
  a51616d35b40731d825ea1ca6900f68cc3add16594f0aa63a565afdd3a756165c86aad3b52363352d7118ef7cc071c0255517837de9397ab8f447ea8f3b539e8
- SSDEEP
  
  6144:MQJzmNEfYck5GmLcmSmA3ntOsAZelVWGNODAVnBk5ogYgtsY52PyeeZ4w5QVaQUU:X/7
Score

10^/10

wshrat trojan
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy