Extracted

• • Target

    Request For Quotation.js

  • Size

    1.0MB

  • MD5

    487375104a5fa7cb031f6da568ca65ec

  • SHA1

    139429d45ba1f46d0bfe2d482b7f759239fa2b4a

  • SHA256

    8f7d98aa6507d36a55f21687746b93034dd00c2e5a0c8af19dc3815b324fa194

  • SHA512

    6cf4eb5a444f276ff9facce736a03226c8cd5e3245d969cf28af7130515f6b859afe178ceeedec9ff8f404ca14e1611ec64223aa5f72668f5bf1403c6b010264

  • SSDEEP

    3072:QQ+8zkVUxDEuM3dQ45rhFGkBt6EURY3hPvx:QQ+8zkVUxDEuM3dFh

  Score

  10^/10

  wshrattrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2