Extracted

• • Target

    Payment Notification.js

  • Size

    1009KB

  • MD5

    e7fcc6eafeb8d232acb424cf11a72144

  • SHA1

    4c16409adece66c53e8b1caf87f6bd6f30e611e8

  • SHA256

    4854f4cdfc2cc56b7e62e3cb3503e4d2873207bd1dd99805f3c39a666a1473b5

  • SHA512

    5e03618e89145435b49aaeaccb3b40886a44ecf752c8bf49a1284e8b2a647c7492199c8a2ad13c0393ae591d71f221c09ecd0e2be93b76a8fee6a29196128949

  • SSDEEP

    3072:QQLlH0xKE8W8za9r6HLb6kyVIksLgu9M/z/SjANqyCCn50jPjSF:QQG

  Score

  10^/10

  wshrattrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2