Extracted

• • Target

    Purchase Invoice.js

  • Size

    1013KB

  • MD5

    0d9dbbce1cc0b89b22225bd6cdc6a67a

  • SHA1

    04223db348fe531a15a961cf0e26f9b8257af986

  • SHA256

    ae401add3e6d11019f5bb30c106b7a8fa4d1a93bce47208e4e736e09d1faebdd

  • SHA512

    6a1a18b028d3fbeae8f3a38869b2e2fc44cf10a9cfaedfa314a8bef85c2584444000d593ad90f6f9dc495ba35bc05727aec03c3a42fa797923825c157bd14491

  • SSDEEP

    3072:QQO7VS2G9XYK9oMvjNvyi+xf2yEoal/Wjzy94CDd:QQO7VS2G9XYK9oMh+K3l7

  Score

  10^/10

  wshrattrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2