General

  • Target

    Request For Quotation.js

  • Size

    1.1MB

  • Sample

    230714-j4zlpscg75

  • MD5

    6802893839ecd1df26e60959bf4bfbd5

  • SHA1

    91102e6f69fc112599939bdb891f46617c893947

  • SHA256

    eb129e3d51a6aad56cc4c97fc90edd5faac9f5381cc6406875babcb3c3d25e17

  • SHA512

    45f24d8c4b918c59cf169b66c9d22dfc9b9d2a711d611743e6d2cb64deed45dc3a07838100b7c59a604d268e30cb17936a88f6044a40c147350aa8c4c6f6b205

  • SSDEEP

    6144:QQ6n1AxEHOJVStgtYTg+fUqsVQ72Qx8awByRoTLlksKpFWX3Dw4r8l8IMjKrd7ra:TuTtG

Score
10/10

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

    • Target

      Request For Quotation.js

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and exists in both VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6