General

  • Target

    Tax Returns of R58,765.js

  • Size

    1.1MB

  • Sample

    230718-qcmw6abc6v

  • MD5

    ab8fb67d6a83a17522570aa8a995dfab

  • SHA1

    dd6915a56f453933511a30fc9d235e4c52393bb6

  • SHA256

    b74a0e8adc5f0681405c94a684d6b887fdc20cd6d198d069f0981d6ba7d658c6

  • SHA512

    6ac13d034cdcdb96394fb54fcfbc7b842345ef07244e0dbfb9be886075d78c2c75f7ef084ecf42a68bfd961652fe54add127f66d82f6c97f83689355e16c571f

  • SSDEEP

    3072:QQ34n7OrQn9IfjRbFo0ivJYmFyyUaKYCHc1I4Cb1ch:QQVo

Score
10/10

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

    • Target

      Tax Returns of R58,765.js

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and exists in both VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
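The indicators above (file hashes, the extracted C2, and the four behaviour signatures) can be turned into an offline triage check. The following is an added example written for this page, not code from the sandbox or from the report; it takes the hashes and the C2 host:port from the report as-is, while the telemetry line format (kind|image|target), the "Control Panel\International" key fragment used for the geofence signature, the set of script hosts and the list of IP-lookup services are assumptions chosen for illustration.

```python
"""
Offline IOC and behaviour checks for the WSHRAT sample described in this report.
Added example; not part of the original report or the sandbox's own detection code.
Hashes and C2 are copied from the report above. Telemetry lines, the registry key
fragment, the script-host set and the IP-lookup host list are constructed assumptions.
"""
import hashlib
from dataclasses import dataclass

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "ab8fb67d6a83a17522570aa8a995dfab",
    "sha1": "dd6915a56f453933511a30fc9d235e4c52393bb6",
    "sha256": "b74a0e8adc5f0681405c94a684d6b887fdc20cd6d198d069f0981d6ba7d658c6",
}
C2_HOST, C2_PORT = "harold.2waky.com", "3609"

# Windows script hosts under which the VBS/JS variants run (assumed blocklist).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumed: the report only says "country code configured in the registry";
# this fragment matches the per-user locale settings key.
GEO_KEY_FRAGMENT = r"control panel\international"
# Per-user Startup folder suffix; a script written here runs at logon.
STARTUP_DIR = r"\start menu\programs\startup"
# Assumed list of legitimate IP-lookup services; extend from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "icanhazip.com"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, in the form the report lists them."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every listed digest matches; any mismatch means a different file."""
    return file_hashes(data) == REPORT_HASHES


@dataclass
class Event:
    kind: str    # "process", "network", "registry" or "file"
    image: str   # process image name, lower-cased
    target: str  # remote host:port, registry path or file path


def parse_event(line: str) -> Event:
    """Parse a constructed 'kind|image|target' telemetry line."""
    kind, image, target = line.strip().split("|", 2)
    return Event(kind, image.lower(), target)


def classify(ev: Event) -> list:
    """Map one event to the report's signature names; empty list if nothing matched."""
    hits = []
    if ev.kind == "network":
        host, _, port = ev.target.rpartition(":")
        # The C2 indicator is process-agnostic: any image talking to it is a hit.
        if host == C2_HOST and port == C2_PORT:
            hits.append("Connects to extracted C2")
        if ev.image in SCRIPT_HOSTS:
            hits.append("Blocklisted process makes network request")
            if host in IP_LOOKUP_HOSTS:
                hits.append("Looks up external IP address via web service")
    elif ev.image in SCRIPT_HOSTS:
        if ev.kind == "registry" and GEO_KEY_FRAGMENT in ev.target.lower():
            hits.append("Checks computer location settings")
        elif ev.kind == "file" and STARTUP_DIR in ev.target.lower():
            hits.append("Drops startup file")
    return hits


def scan(lines) -> dict:
    """Count signature hits over a sequence of telemetry lines."""
    found = {}
    for line in lines:
        if not line.strip():
            continue
        for name in classify(parse_event(line)):
            found[name] = found.get(name, 0) + 1
    return found


# Constructed telemetry for illustration, not taken from the sandbox run.
SAMPLE_EVENTS = """\
process|explorer.exe|C:\\Users\\u\\Downloads\\Tax Returns of R58,765.js
registry|wscript.exe|HKCU\\Control Panel\\International\\sCountry
file|wscript.exe|C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tax Returns of R58,765.js
network|wscript.exe|api.ipify.org:80
network|wscript.exe|harold.2waky.com:3609
network|chrome.exe|harold.2waky.com:3609
""".splitlines()

if __name__ == "__main__":
    for name, count in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"{count}x {name}")
```

Feeding real telemetry means writing a parse_event for your own log format (Sysmon event IDs 3, 11, 12/13, or proxy logs for the network side); the C2 check is deliberately independent of the process image so that a connection to harold.2waky.com:3609 from any host is surfaced even if the script host was renamed or the payload was re-launched by another process.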

MITRE ATT&CK Enterprise v6