Extracted

• • Target

    ORDER-230428.js

  • Size

    521KB

  • MD5

    678f7bc2963dfe7d00f80de5132f63af

  • SHA1

    b2f9383257887b902b25c7f24e1d6320cb88acea

  • SHA256

    749508570fded7091e235707bd3a1f72c64c2428802abafaa98c47ce970c8df6

  • SHA512

    9fc216681d1e1979cafd33b8c41f116dc99f0e859dd87ed2340e1d3609efc0f302c7c2215500f3bafc3f5b45003898facc55e0fd5c4c7f0097da04977abcb777

  • SSDEEP

    384:lilWWgNgxgygHWWWWW/IHWWWWWXgHBq8iOAwI4LuRu1kKMiIeBWSPSHv7rWektWW:d1H0Ef

  Score

  10^/10

  wshratpersistencetrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2