General

  • Target

    Quotation Items.js

  • Size

    924KB

  • Sample

    230419-tmdysabg73

  • MD5

    22e021e97b1606d6abdfaf275e3b5e17

  • SHA1

    4980e4db080a52d5c456c7bb4bc1190eb8bb3a0e

  • SHA256

    bf9732fc595f9164e52870fc95a4673fb5fddd7748003c392aeb8f8776eea077

  • SHA512

    344ceb6b6bc565e88fb3e6ed929af77713d8a77150b3b3abf070ec36d178e997223f00f1eaf64805b0c944d607d167b0792947d41e56341db6406ddd2e009725

  • SSDEEP

    6144:QQvbVQ7mFqpB5KRolwBSA5ey+vONQ6n8G/6TMXoFLNY+bQHtAtLvNYY1mXIcJIQY:Tw

Score
10/10

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

    • Target

      Quotation Items.js

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and exists in both VBS and JS variants; this sample is the JS variant.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (deciding whether to run based on the victim's locale).

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
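    The indicators above (file hashes and the extracted C2 URL) are the parts of this report an analyst will most often turn into checks. The following is an added example, not code from the report or from the sandbox vendor: it hashes a file with the same four algorithms the report lists and compares the results against the sample's hashes, and it scans proxy or DNS log lines for the C2 host and port. The log lines are constructed for the example; the host-matching pattern and the log format are assumptions, not anything the report states.

```python
"""Added example (not part of the sandbox report): check files and log lines
against the indicators listed for this WSHRAT sample."""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "22e021e97b1606d6abdfaf275e3b5e17",
    "sha1": "4980e4db080a52d5c456c7bb4bc1190eb8bb3a0e",
    "sha256": "bf9732fc595f9164e52870fc95a4673fb5fddd7748003c392aeb8f8776eea077",
    "sha512": "344ceb6b6bc565e88fb3e6ed929af77713d8a77150b3b3abf070ec36d178e997"
              "223f00f1eaf64805b0c944d607d167b0792947d41e56341db6406ddd2e009725",
}
C2_URL = "http://harold.2waky.com:3609"


def hash_bytes(data: bytes) -> dict:
    """Digest a byte string with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str) -> dict:
    """Digest a file on disk in chunks so large files do not need to fit in memory."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_matches(digests: dict) -> list:
    """Return the names of the algorithms whose digest equals the sample's."""
    return [name for name, value in SAMPLE_HASHES.items() if digests.get(name) == value]


def c2_host_port() -> tuple:
    """Split the extracted C2 URL into the host and port a log search needs."""
    parts = urlsplit(C2_URL)
    return parts.hostname, parts.port


def find_c2_hits(log_lines) -> list:
    """Return the log lines that mention the C2 host (with or without its port).

    The pattern is an assumption for this example: it matches the host as a whole
    word, case-insensitively, so both proxy entries (host:port) and DNS queries
    (host only) are caught.
    """
    host, port = c2_host_port()
    pattern = re.compile(rf"\b{re.escape(host)}\b(?::{port})?", re.IGNORECASE)
    return [line for line in log_lines if pattern.search(line)]


# Constructed log lines for the example; the format is invented, not from the report.
CONSTRUCTED_LOG = [
    "2023-04-19T12:01:03Z proxy src=10.0.0.14 dst=harold.2waky.com:3609 method=POST uri=/ status=200",
    "2023-04-19T12:01:07Z dns query=harold.2waky.com type=A client=10.0.0.14",
    "2023-04-19T12:02:11Z proxy src=10.0.0.22 dst=www.example.com:443 method=GET uri=/ status=200",
]


if __name__ == "__main__":
    # A byte string that is not the sample: no hash should match.
    print("hash matches:", hash_matches(hash_bytes(b"not the sample")))
    for line in find_c2_hits(CONSTRUCTED_LOG):
        print("C2 hit:", line)
```

To check a real file, pass its path to `hash_file` and feed the result to `hash_matches`; a match on any one algorithm is enough to identify the sample, and a mismatch on all four only says the file is not byte-identical to this one (the SSDEEP value in the report is what you would use for near-duplicate matching, which this example does not implement).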

MITRE ATT&CK Enterprise v6

Tasks