General

  • Target

    Request For Quotation.js

  • Size

    899KB

  • Sample

    230525-ssg2ysah93

  • MD5

    7fc3ab727001bb3f552bee872b7c90a7

  • SHA1

    f0fa0bdb338ecb45308bc83718559265077b9a86

  • SHA256

    6ce2e7208cceb1b481306e5ccd7e8a8622567926cb3e8cdf442a4e2b94d8d97a

  • SHA512

    13711dca473fc99c572273189531d45d037858c7fb2406c5457e9244aec2c15bd3cf20c6307fe10606a2b1ce3af911d06390f71c93f44f554fdf19f4c82ec24a

  • SSDEEP

    6144:QQ5r1A7G9u13eV4pO5SolqKCvOZYuHYKq/ofQZvN0+QPJkh3dqYB2r8YOdchB1VF:TJ

Score
10/10

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

    • Target

      Request For Quotation.js

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and exists in both VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks