wshrat | 8cae71910574fa96fdf20ddab8897e90d155e50036ddb2f3d033a7b13a45b90f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Request Fo...ion.js

windows7-x64

Request Fo...ion.js

windows10-2004-x64

Sharing

General

Target

Request For Quotation.js
Size

926KB
Sample

230721-g52rcacc73
MD5

d88e96b01cbe12a5dbaefd28ccfcc7dc
SHA1

d1c01512b187176428440463eaae7b7d5be2aabf
SHA256

8cae71910574fa96fdf20ddab8897e90d155e50036ddb2f3d033a7b13a45b90f
SHA512

1dc22521994a390b97ad7e7880f1812b865a22b5c5681bacc3870f37baae37f2772e071f68a6a7b1669664f2c00d0f7c96d8815601bdcef69c43d008da348388
SSDEEP

6144:QQbl/QgzB5SMaGRnxrga5gxa17U7ck9d8JDr+DNgMPiColqGYXY/i/Dz9rcgVfEn:TNLfp

Score

10^/10

wshrat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Request For Quotation.js

Resource

win7-20230712-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Request For Quotation.js

Resource

win10v2004-20230703-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

wshrat

C2

http://harold.2waky.com:3609

Targets

- Target
  
  Request For Quotation.js
- Size
  
  926KB
- MD5
  
  d88e96b01cbe12a5dbaefd28ccfcc7dc
- SHA1
  
  d1c01512b187176428440463eaae7b7d5be2aabf
- SHA256
  
  8cae71910574fa96fdf20ddab8897e90d155e50036ddb2f3d033a7b13a45b90f
- SHA512
  
  1dc22521994a390b97ad7e7880f1812b865a22b5c5681bacc3870f37baae37f2772e071f68a6a7b1669664f2c00d0f7c96d8815601bdcef69c43d008da348388
- SSDEEP
  
  6144:QQbl/QgzB5SMaGRnxrga5gxa17U7ck9d8JDr+DNgMPiColqGYXY/i/Dz9rcgVfEn:TNLfp
Score

10^/10

wshrat trojan
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy