General
-
Target
ORDER-232903AF.js
-
Size
7KB
-
Sample
230530-jlgm6sgc54
-
MD5
81d99b2657f3dc270466fbb9c2958a7c
-
SHA1
3c9541b0105664413b9ef3c8f9d13210443a43de
-
SHA256
62dbe0f60858cf1d24dc2dd808b35d843f35e7456889323ce4b648cb15446d72
-
SHA512
c0c4d057aa8fe52027e670d82d5d9a0b26d3fc3c008b5a1bdd87ac95975fb95ac229ee909d2b3190d027ca74676149bbfe0a3601ddd986b73ed18744d7517cd0
-
SSDEEP
24:hIErb05LU35YrOR/JM907TIy8+5UwLU5sVOv45w+v5CrNTtSr6m5pJx2:K4w5xBKdGdgUyre
Malware Config
Extracted
wshrat
http://chongmei33.publicvm.com:7045
Targets
-
-
Target
ORDER-232903AF.js
-
Size
7KB
-
MD5
81d99b2657f3dc270466fbb9c2958a7c
-
SHA1
3c9541b0105664413b9ef3c8f9d13210443a43de
-
SHA256
62dbe0f60858cf1d24dc2dd808b35d843f35e7456889323ce4b648cb15446d72
-
SHA512
c0c4d057aa8fe52027e670d82d5d9a0b26d3fc3c008b5a1bdd87ac95975fb95ac229ee909d2b3190d027ca74676149bbfe0a3601ddd986b73ed18744d7517cd0
-
SSDEEP
24:hIErb05LU35YrOR/JM907TIy8+5UwLU5sVOv45w+v5CrNTtSr6m5pJx2:K4w5xBKdGdgUyre
Score10/10-
WSHRAT
WSHRAT is a variant of Houdini worm and has vbs and js variants.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-