General
-
Target
a5390e1cfcb48d9172afa6624fec6757.bin
-
Size
9KB
-
Sample
230501-cf6xjseb49
-
MD5
b54aec92a7d7613f6c3225149b0b76bb
-
SHA1
00685d529a2b49cde113f3c7faf92f3be9ea86ad
-
SHA256
b39e9da10e1d0062f2254cae99e58f1c46de46829bd86b3ab37a8d9e32e1a95e
-
SHA512
52f7698f38af332e68b76f0db21574f4105567572ff5069623f5e75d49c33ebdfaf36b104efe1fdf71ff7bca8372cfbb135432b6c76b1dd91239d1bc14ba2ae1
-
SSDEEP
192:ROV4ofhVU6MDGK1BgOvx3jf90rD+Y6ZCtRHIaHIRIyNDnW2RX:RpofhVU6C5+6ZG+YTIaoRrZ
Malware Config
Extracted
wshrat
http://chongmei33.publicvm.com:7045
Targets
-
-
Target
ORDER-230428.js
-
Size
521KB
-
MD5
678f7bc2963dfe7d00f80de5132f63af
-
SHA1
b2f9383257887b902b25c7f24e1d6320cb88acea
-
SHA256
749508570fded7091e235707bd3a1f72c64c2428802abafaa98c47ce970c8df6
-
SHA512
9fc216681d1e1979cafd33b8c41f116dc99f0e859dd87ed2340e1d3609efc0f302c7c2215500f3bafc3f5b45003898facc55e0fd5c4c7f0097da04977abcb777
-
SSDEEP
384:lilWWgNgxgygHWWWWW/IHWWWWWXgHBq8iOAwI4LuRu1kKMiIeBWSPSHv7rWektWW:d1H0Ef
Score10/10-
WSHRAT
WSHRAT is a variant of Houdini worm and has vbs and js variants.
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-