General

  • Target

    Request For Quotation.js

  • Size

    973KB

  • Sample

    230718-qc7xbsae52

  • MD5

    fc71c87b2465e63c5205674f9aeb730a

  • SHA1

    2854cf5945ab636c2b78d68d1caffffedf4f0827

  • SHA256

    5dbf39f65d41bae9a5762be44f9f1815bb76c2caabb63d1b2be274bcba2e63c7

  • SHA512

    9edfb762447dc9dc78140a632f5aa884b96112747284fb9f3275e5b960d2585fc7418672cab464ef5cd09a9f3beb9a9efb7da19f41db6b0d082e7e4dce8ee0f7

  • SSDEEP

    6144:QQ1Umw4NGuO/GyTSVddI5qh+7StXtwTx+PrL0Srx7mnDtEKD2uEF2oEA5iUVyFWT:Tn15/

Score
10/10

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and exists in both VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
