Extracted

• • Target

    Quotation_Request.js

  • Size

    985KB

  • MD5

    4aaba804e86dad56392b2a3dda056001

  • SHA1

    d544b097a373d1357570a4385b7912457367da3c

  • SHA256

    15e847369c9a89eadb626ec7b3f058b17fce169dad5d0ad44edab3d7ec04f745

  • SHA512

    7423d168f25f948310295e27b9a950b8666c6cd44a6a7d0f5768cdf69aec53cb7d068aaf6c3caa0674aed94bbb66aeef8f53dc04107a601cfbabf76641ad412b

  • SSDEEP

    6144:QQb9JgDg3ynDDKFCxCDwYjgegH0LGsJ2W1G32bi3/v0AbiBB8pt1vGWtkbIcJOyq:T7tm

  Score

  10^/10

  wshrattrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2