Extracted

• • Target

    Purchase_Order.xls.vbs

  • Size

    527KB

  • MD5

    8faf36edfae1ec0e8eccd3c562c03903

  • SHA1

    0c44c3c6291c67c4eae6e1f8238f098adaee1a32

  • SHA256

    1c546a6548beda639640ebfbb52abd5f6013c33500172cfccf0e8716c96bb196

  • SHA512

    a54ea5e74c1320259b23d43e2eaadf83cf0705306df6dd1ba4bd4e9d77889d04449aa5161ad33165814a8b0f7baf41567537b721a048222f655216d1efdca56b

  • SSDEEP

    384:Lu1hvWiWMmkNULg4viK3Ai44MXziJGUSJ0Pw6qVskjhj6Zxc6Xx0f3+hFx+gItIL:cvO

  Score

  10^/10

  wshratpersistencetrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2