General

  • Target

    proof of payment.js

  • Size

    956KB

  • Sample

    230411-qexjdaeb9w

  • MD5

    ea0abd3283c83ea38f1c2aad7946bc93

  • SHA1

    78996225f4275c638e3ef885a9093e0cc87b36a3

  • SHA256

    efccf4f22b72889b0b4ecba893a50e92faf48b3cdf1eee9680929b7ee4445305

  • SHA512

    891afba2b773cfd0d5662b2291a20f149cf5b1d6a4a1086c2a5c2559213628e61af5ffb46345e68872059b236ec86fc298b052dbfdd3ed4399737d59dd0517af

  • SSDEEP

    6144:MQGNU8Hyom1ly4GmCSJ3VuxTl/LpDC72aKdLrDu1A65F0yUMtcTK8ekCAaDm+tfq:Xees

Score
10/10

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:1604

Targets

    • Target

      proof of payment.js

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and exists in both VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to discover the infected system's external IP address.
