wshrat | 15e847369c9a89eadb626ec7b3f058b17fce169dad5d0ad44edab3d7ec04f745 | Triage

Submit
Reports

Overview

overview

Static

static

1

Quotation_Request.js

windows7-x64

Quotation_Request.js

windows10-2004-x64

Sharing

General

Target

Quotation_Request.js
Size

985KB
Sample

230530-mkzn5sha84
MD5

4aaba804e86dad56392b2a3dda056001
SHA1

d544b097a373d1357570a4385b7912457367da3c
SHA256

15e847369c9a89eadb626ec7b3f058b17fce169dad5d0ad44edab3d7ec04f745
SHA512

7423d168f25f948310295e27b9a950b8666c6cd44a6a7d0f5768cdf69aec53cb7d068aaf6c3caa0674aed94bbb66aeef8f53dc04107a601cfbabf76641ad412b
SSDEEP

6144:QQb9JgDg3ynDDKFCxCDwYjgegH0LGsJ2W1G32bi3/v0AbiBB8pt1vGWtkbIcJOyq:T7tm

Score

10^/10

wshrat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Quotation_Request.js

Resource

win7-20230220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Quotation_Request.js

Resource

win10v2004-20230221-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

- Target
  
  Quotation_Request.js
- Size
  
  985KB
- MD5
  
  4aaba804e86dad56392b2a3dda056001
- SHA1
  
  d544b097a373d1357570a4385b7912457367da3c
- SHA256
  
  15e847369c9a89eadb626ec7b3f058b17fce169dad5d0ad44edab3d7ec04f745
- SHA512
  
  7423d168f25f948310295e27b9a950b8666c6cd44a6a7d0f5768cdf69aec53cb7d068aaf6c3caa0674aed94bbb66aeef8f53dc04107a601cfbabf76641ad412b
- SSDEEP
  
  6144:QQb9JgDg3ynDDKFCxCDwYjgegH0LGsJ2W1G32bi3/v0AbiBB8pt1vGWtkbIcJOyq:T7tm
Score

10^/10

wshrat trojan
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy