Extracted

• • Target

    proof of payment.js

  • Size

    996KB

  • MD5

    7135b41aea77a2b6c6c7596a539b4969

  • SHA1

    8ffe998003f2049c4853a86e9fcaf9fb77a2d175

  • SHA256

    4f59887cc69a47f38ada16e76602ed520e235c9638923b8c17378c64252bd9fe

  • SHA512

    804889018a76e00853f1207c129aaff3dfb8c7ed3de570195db2d1c4eb7de3a533ba294dfc2d5a63075267faffcb0547634a3659e75400955aa8e1f2373367b9

  • SSDEEP

    6144:QQu9MZdOv/meeqFp/3Rxc/uzchRhVKlb90kNgQgaIZolrVBYWr+Uqb2KKV/mClfV:TCp

  Score

  10^/10

  wshrattrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2