Extracted

• • Target

    Request For Quotation.js

  • Size

    926KB

  • MD5

    e1fce1614b7ce17de7b7de01ebcbf1a9

  • SHA1

    83ca60f9e8e25437881338b8af9f8136b4925980

  • SHA256

    af8168e035939256e97650454e425e61c561576570f82bc440327a2347d8966a

  • SHA512

    6b9ba0e52ca0247d85aed3f3f4e00b294e595ddcb118992dc4cb315513dbb50188d7064a044b329b029929ddb5c1da7500a30de23a1d3e0de35385b4950bf66d

  • SSDEEP

    6144:QQPrN4dEtorFCPqFnJKw1KYWn8b69Va0qP2XEhvv0QQpv+HtXoQZybO2slkTZJ3b:TuWUrA

  Score

  10^/10

  wshrattrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2