Extracted

• • Target

    ORDER-232903AF.js

  • Size

    7KB

  • MD5

    81d99b2657f3dc270466fbb9c2958a7c

  • SHA1

    3c9541b0105664413b9ef3c8f9d13210443a43de

  • SHA256

    62dbe0f60858cf1d24dc2dd808b35d843f35e7456889323ce4b648cb15446d72

  • SHA512

    c0c4d057aa8fe52027e670d82d5d9a0b26d3fc3c008b5a1bdd87ac95975fb95ac229ee909d2b3190d027ca74676149bbfe0a3601ddd986b73ed18744d7517cd0

  • SSDEEP

    24:hIErb05LU35YrOR/JM907TIy8+5UwLU5sVOv45w+v5CrNTtSr6m5pJx2:K4w5xBKdGdgUyre

  Score

  10^/10

  wshratpersistencetrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2