General

  • Target

    Request For Quotation.js

  • Size

    965KB

  • Sample

    230712-ntbjcada34

  • MD5

    361ff80872705750749fc5c27006aba5

  • SHA1

    d0e36f27aea4f6b17587f68d06f307e368d8443a

  • SHA256

    bf2f0ecbbbd33ef1369595b5f7455e8777abeadd3b12571209a8f44c92628ee8

  • SHA512

    ee33aa8a50b7f30925a44f22bfe7be6e686ce4fdeb49d9e258b0b5a3c16b94568723dfca53ba80bdc12be4a8ae3eee455a1322c75d094c886174d89052415b4f

  • SSDEEP

    6144:QQQ2zF22es2/0w7aMT3H2KqPLOSxgEDC4OlNnOm5trZ+DGArhisPGfLA5b0l2uvN:TfG

Score
10/10

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and exists in both VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
