General
-
Target
Machine_Quotation.vbs
-
Size
232KB
-
Sample
230412-pt2k7sdg2w
-
MD5
a44e4a05672c3d71d24e06ae1bd365b7
-
SHA1
fae43f0429d15d58dd11960dbfc44d8df746b551
-
SHA256
bdeb2422f1ed9b86282ad01e2c3593532260d255c5c049b1879c638ae09461ae
-
SHA512
2464309b8ee42623c715bdc7677ce399dc78d49fb347204bc0373b63d1fb769b9bc4a7b8dc61b86a499d0fb7e7789451d12cecdb6ca0ebe52052cd3a2d7b94c7
-
SSDEEP
768:EYyeC7GF14a5cgFUXgfUtvtxcxsXqujrruAuu7NZFBlvK:pL1
Malware Config
Extracted
wshrat
http://chongmei33.publicvm.com:7045
Targets
-
-
Target
Machine_Quotation.vbs
-
Size
232KB
-
MD5
a44e4a05672c3d71d24e06ae1bd365b7
-
SHA1
fae43f0429d15d58dd11960dbfc44d8df746b551
-
SHA256
bdeb2422f1ed9b86282ad01e2c3593532260d255c5c049b1879c638ae09461ae
-
SHA512
2464309b8ee42623c715bdc7677ce399dc78d49fb347204bc0373b63d1fb769b9bc4a7b8dc61b86a499d0fb7e7789451d12cecdb6ca0ebe52052cd3a2d7b94c7
-
SSDEEP
768:EYyeC7GF14a5cgFUXgfUtvtxcxsXqujrruAuu7NZFBlvK:pL1
Score10/10-
WSHRAT
WSHRAT is a variant of Houdini worm and has vbs and js variants.
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-