General

  • Target

    7fc3ab727001bb3f552bee872b7c90a7.bin

  • Size

    208KB

  • Sample

    230527-btd81saa56

  • MD5

    a110f30318f89013d461a1d3c5ce95c1

  • SHA1

    773d9050732c3c2337a3fcc7288090a902dff626

  • SHA256

    582ea24cd2052b74375774919a7e1f0de80e4bf9884234b26cb417502c1d2a74

  • SHA512

    93d6b99d5f90ea7c74a184310298a9abe8514981c327879781e69e15ed99c2de377f728cb61cdec5604187d41fa3e3a0ccf127d292696f15a1f57df820f21331

  • SSDEEP

    3072:GYUq2GG4y/SQyG7yo3/8lywT6qrFB3kTVVy58ke7oFd61H0Eh7YpeM/xYzbjUzcy:GnVaQ7yW8VT0RVy54iEV/QeyW3fOzfpJ

Score
10/10

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

    • Target

      6ce2e7208cceb1b481306e5ccd7e8a8622567926cb3e8cdf442a4e2b94d8d97a.js

    • Size

      899KB

    • MD5

      7fc3ab727001bb3f552bee872b7c90a7

    • SHA1

      f0fa0bdb338ecb45308bc83718559265077b9a86

    • SHA256

      6ce2e7208cceb1b481306e5ccd7e8a8622567926cb3e8cdf442a4e2b94d8d97a

    • SHA512

      13711dca473fc99c572273189531d45d037858c7fb2406c5457e9244aec2c15bd3cf20c6307fe10606a2b1ce3af911d06390f71c93f44f554fdf19f4c82ec24a

    • SSDEEP

      6144:QQ5r1A7G9u13eV4pO5SolqKCvOZYuHYKq/ofQZvN0+QPJkh3dqYB2r8YOdchB1VF:TJ

    Score
    10/10
    • WSHRAT

      WSHRAT is a variant of the Houdini worm and exists in both VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2