Overview

overview

10

Static

static

1

ORDER_231804_List.vbs

windows7-x64

10

ORDER_231804_List.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ORDER_231804_List.pdf.arj

  • Size

    7KB

  • Sample

    230420-pel7zabg41

  • MD5

    fd287d81dda92b5cd5b92fd19b5a7c9d

  • SHA1

    02ed3360d4c4cd54834c251807589a52ff8eabba

  • SHA256

    a71299692434556a06c5bc37082b91bf7736311070556390fa34cedcd44cd976

  • SHA512

    8c551522eba86a0a8ce0253f3f601540e4524e0e7be3b48b98484a27d11ad36ac517210c3b853b36a016cd6af39996d9342c80374cb20d774b9772e85a569efa

  • SSDEEP

    192:S13J00XveSNx3u1AQLrGV7PioGaBmujbheMo80P+KWT/:oJjNx3uTLCdixsjrz0mL

Score
10/10
wshratpersistencetrojan

Malware Config

Extracted

Family

wshrat

C2

http://chongmei33.publicvm.com:7045

Targets

    • Target

      ORDER_231804_List.vbs

    • Size

      249KB

    • MD5

      6afc65fd8742615b1505ec80ed3b40f6

    • SHA1

      5731e7270d31672ba15f038271d16da68d56e148

    • SHA256

      173136a6c173363068e7d7d16907f7fa38ec0d717dff663057304ee54adde4d7

    • SHA512

      74c54092827e8f9e386381c64a8639b8d58a4e42fc608fad2687a127e5395de99c99f543f760e40029f830daa63faf49ecc9847476d0514eaaa825605cc52e25

    • SSDEEP

      768:se4mo/QE6/2eWU6c25NXZ1kSEHSTYeB/AiAkpjXnd/NC:Td2tHuSg

    Score
    10/10
    wshratpersistencetrojan

    • WSHRAT

      WSHRAT is a variant of Houdini worm and has vbs and js variants.

      trojanwshrat

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks