wshrat | 7133dc35b5ca15d27934a2ebaeb71ca36987752e34b65f87a9507ac02381a9e1 | Triage

Submit
Reports

Overview

overview

Static

static

1

Quotation_Request.js

windows7-x64

Quotation_Request.js

windows10-2004-x64

Sharing

General

Target

Quotation_Request.js
Size

1.1MB
Sample

230526-r7ls1sfh95
MD5

2ccb346e287c2eaaf1954e289d85bb90
SHA1

589b523fdf4feadab37b5ca37f3940b9e068935a
SHA256

7133dc35b5ca15d27934a2ebaeb71ca36987752e34b65f87a9507ac02381a9e1
SHA512

7219218464cbc5b14c33a7b41208ce23608931c6d9e9bd7524f72039d0cb016e256e0f18b3d3f6140a50e058f01d21a5b275a89406b88c0b347b24d6c44efca4
SSDEEP

6144:QQ87FYrGNaJRpypQNKpSoZWaOHWFgqvUe/i7EnI1jtImrA/dgtrltwgV2X4EJIgq:T61wzl

Score

10^/10

wshrat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Quotation_Request.js

Resource

win7-20230220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Quotation_Request.js

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

- Target
  
  Quotation_Request.js
- Size
  
  1.1MB
- MD5
  
  2ccb346e287c2eaaf1954e289d85bb90
- SHA1
  
  589b523fdf4feadab37b5ca37f3940b9e068935a
- SHA256
  
  7133dc35b5ca15d27934a2ebaeb71ca36987752e34b65f87a9507ac02381a9e1
- SHA512
  
  7219218464cbc5b14c33a7b41208ce23608931c6d9e9bd7524f72039d0cb016e256e0f18b3d3f6140a50e058f01d21a5b275a89406b88c0b347b24d6c44efca4
- SSDEEP
  
  6144:QQ87FYrGNaJRpypQNKpSoZWaOHWFgqvUe/i7EnI1jtImrA/dgtrltwgV2X4EJIgq:T61wzl
Score

10^/10

wshrat trojan
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy