Extracted

Extracted

• • Target

    ORDER-238175F.pdf.js

  • Size

    7KB

  • MD5

    71223537f79596646a8938dd2346b649

  • SHA1

    e0746a857f5aa62fff78070bd3b97db2ddfe559a

  • SHA256

    7a57c3bcbdfc2482505bcf4c20885c1288635f780667a5cf4c7f0804251dd719

  • SHA512

    a6850d1eed527874e8b93aa29fa76df11faa7147392db4bb8acf255f4cef028ebfddec329c8f8d0c2e3010f0f0b05b650558108583ae28a0913a849c6dff33ab

  • SSDEEP

    192:RrhdeJCAgeSP5NvpaQKz6epeZeyqOeLDe2t5De2OeLDeTeaeIC:dvpBiRjj

  Score

  10^/10

  warzoneratwshratinfostealerpersistencerattrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Blocklisted process makes network request

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2