General

  • Target

    Tax Returns Of R48,765.js

  • Size

    1018KB

  • Sample

    230418-nq6v3sbb49

  • MD5

    fcf6d37bdd93ae9930c6650c16d873db

  • SHA1

    86eed10bfbfdd7f5f91ce3f2cc81342e9d349d18

  • SHA256

    2c17399dcbac1772f3415387c3385d73aeb4ee3872bcd45c2b4ade63c35c5eef

  • SHA512

    66b456b91e8195918b32e89f4aecb66a66d858f007f64fcdae866a48c7b199e5e64a93feda8917aa730bb188e1ff63636563d1dfe7c97438b98b2f3a2cbfa962

  • SSDEEP

    6144:QQMrBMJwrxq9tec+fPE2Qfe7tcsOHRH+8ihlckYFv85dWVcwXLUM4e//7fJ3eYwa:TkeiM4SEq

Score
10/10

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

    • Target

      Tax Returns Of R48,765.js

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks