wshrat | cbe7d5663fd5359a72f88e44d083703d9625235929c31e0f5b16a0b42cb44d35 | Triage

Submit
Reports

Overview

overview

Static

static

1

Tax Return...765.js

windows7-x64

Tax Return...765.js

windows10-2004-x64

Sharing

General

Target

Tax Returns of R58,765.js
Size

1.0MB
Sample

230719-p4mj2aff7s
MD5

33300fb747c6677625aa17d03e1010f3
SHA1

b1bea456907b59a8182a0f01cc0e90f6e32e2779
SHA256

cbe7d5663fd5359a72f88e44d083703d9625235929c31e0f5b16a0b42cb44d35
SHA512

3c7af332da0a394354b0f3245a7677149ea63bdb5e6b5fcbd7fe984d338c1cecb7e299e127859c1dafc4bf199d3d8c3923d2c32213ab292ccc7aa42558b65764
SSDEEP

6144:QQ7vErztQ9MZIUWrltWZV1+VJaMd5KVPb5emOJ62+ILfahP2CTLqO0EXZ9gsP7Ay:Te

Score

10^/10

wshrat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Tax Returns of R58,765.js

Resource

win7-20230712-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Tax Returns of R58,765.js

Resource

win10v2004-20230703-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

- Target
  
  Tax Returns of R58,765.js
- Size
  
  1.0MB
- MD5
  
  33300fb747c6677625aa17d03e1010f3
- SHA1
  
  b1bea456907b59a8182a0f01cc0e90f6e32e2779
- SHA256
  
  cbe7d5663fd5359a72f88e44d083703d9625235929c31e0f5b16a0b42cb44d35
- SHA512
  
  3c7af332da0a394354b0f3245a7677149ea63bdb5e6b5fcbd7fe984d338c1cecb7e299e127859c1dafc4bf199d3d8c3923d2c32213ab292ccc7aa42558b65764
- SSDEEP
  
  6144:QQ7vErztQ9MZIUWrltWZV1+VJaMd5KVPb5emOJ62+ILfahP2CTLqO0EXZ9gsP7Ay:Te
Score

10^/10

wshrat trojan
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy