General

  • Target

    ORDER-230814AF.vbs

  • Size

    9KB

  • Sample

    230815-pjw8qsaf77

  • MD5

    a1c23f6dbe187a6168eda9a75d5050f8

  • SHA1

    3969f916dee7b2d658feb1850023257e6986dac0

  • SHA256

    5502c7306e749b3a59e5c8b35d7e3b21e397ac0a98092519a19e1c1de2ce1de3

  • SHA512

    36df97c39faa3eb70f75b5858d81fc9c263926402342f488efb2fe6c51d76f60a283c1d2e736088d365c9c9edb7c93ea36579920fc1c37680d4f6623a7e9bb62

  • SSDEEP

    48:NjhD1INdjhDlzDaNdjhD5nqNhIINu1G0NVaUsyOUsfhqzDaNu1G0NVaUsuazD8ug:R

Malware Config

  • Extracted

    Family: warzonerat

    C2: chongmei33.publicvm.com:49746

  • Extracted

    Family: wshrat

    C2: http://chongmei33.publicvm.com:7045

Targets

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Blocklisted process makes network request

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks