wshrat | af8168e035939256e97650454e425e61c561576570f82bc440327a2347d8966a | Triage

Submit
Reports

Overview

overview

Static

static

1

Request Fo...ion.js

windows7-x64

Request Fo...ion.js

windows10-2004-x64

Sharing

General

Target

Request For Quotation.js
Size

926KB
Sample

230601-saffeaeg92
MD5

e1fce1614b7ce17de7b7de01ebcbf1a9
SHA1

83ca60f9e8e25437881338b8af9f8136b4925980
SHA256

af8168e035939256e97650454e425e61c561576570f82bc440327a2347d8966a
SHA512

6b9ba0e52ca0247d85aed3f3f4e00b294e595ddcb118992dc4cb315513dbb50188d7064a044b329b029929ddb5c1da7500a30de23a1d3e0de35385b4950bf66d
SSDEEP

6144:QQPrN4dEtorFCPqFnJKw1KYWn8b69Va0qP2XEhvv0QQpv+HtXoQZybO2slkTZJ3b:TuWUrA

Score

10^/10

wshrat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Request For Quotation.js

Resource

win7-20230220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Request For Quotation.js

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

- Target
  
  Request For Quotation.js
- Size
  
  926KB
- MD5
  
  e1fce1614b7ce17de7b7de01ebcbf1a9
- SHA1
  
  83ca60f9e8e25437881338b8af9f8136b4925980
- SHA256
  
  af8168e035939256e97650454e425e61c561576570f82bc440327a2347d8966a
- SHA512
  
  6b9ba0e52ca0247d85aed3f3f4e00b294e595ddcb118992dc4cb315513dbb50188d7064a044b329b029929ddb5c1da7500a30de23a1d3e0de35385b4950bf66d
- SSDEEP
  
  6144:QQPrN4dEtorFCPqFnJKw1KYWn8b69Va0qP2XEhvv0QQpv+HtXoQZybO2slkTZJ3b:TuWUrA
Score

10^/10

wshrat trojan
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy