General
-
Target
04371699.vbs
-
Size
8KB
-
Sample
230615-ppfsyagg37
-
MD5
5c75f54e96d8ac97fa9644b0c8bac3d7
-
SHA1
668fef3a068cbbdf4c8fc4b81f3b81b4a671460e
-
SHA256
b03c3e78db7276e75dbb30b144d6dba8d417c25a59ea563c5691b5dbdc2b69e9
-
SHA512
d9eb586c09e3b05d6f35b20f56d4ebb3e4b80da490af0894a37d0388f406c819e66c5355297e0acbbe408b2066467e73bb801d360c8501afb975f1aaf868723a
-
SSDEEP
48:5AqkDUOQB6D8LD1QOFLDnw30Gwj0H6r5d3bCgDoB:IDLDuDVDdIgDe
Static task
static1
Behavioral task
behavioral1
Sample
04371699.vbs
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
04371699.vbs
Resource
win10v2004-20230220-en
Malware Config
Extracted
wshrat
http://chongmei33.publicvm.com:7045
Targets
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-