General

  • Target

    48bc766326068e078cf258dea70d49dcce265e4e6dbf18f1a0ce28d310f6a89a_JC.js

  • Size

    7KB

  • Sample

    230902-m8zn2sce44

  • MD5

    e6345728433a16afa4f7a0d51341aa92

  • SHA1

    b9d2abb57a98cc815feec3b09a213ef0917c54e6

  • SHA256

    48bc766326068e078cf258dea70d49dcce265e4e6dbf18f1a0ce28d310f6a89a

  • SHA512

    dda5942e836b848f85d62b0dd37bdf453e4e46133d59b4267a947ad9005dcaa958e9b635fad4da1e913c5b6481aec0860d7a7971defb671290c6a1c1bb5e8b33

  • SSDEEP

    96:BxIeyahwb8yHBmtQ+VUVQVPvVNVdVLmhHoi:/F7Pu+myBHzg

Malware Config

Extracted

Family

wshrat

C2

http://chongmei33.publicvm.com:7045

Targets

    • Target

      48bc766326068e078cf258dea70d49dcce265e4e6dbf18f1a0ce28d310f6a89a_JC.js

    • Size

      7KB

    • MD5

      e6345728433a16afa4f7a0d51341aa92

    • SHA1

      b9d2abb57a98cc815feec3b09a213ef0917c54e6

    • SHA256

      48bc766326068e078cf258dea70d49dcce265e4e6dbf18f1a0ce28d310f6a89a

    • SHA512

      dda5942e836b848f85d62b0dd37bdf453e4e46133d59b4267a947ad9005dcaa958e9b635fad4da1e913c5b6481aec0860d7a7971defb671290c6a1c1bb5e8b33

    • SSDEEP

      96:BxIeyahwb8yHBmtQ+VUVQVPvVNVdVLmhHoi:/F7Pu+myBHzg

    • WSHRAT

      WSHRAT (WSH RAT) is a variant of the Houdini worm (H-Worm) and exists in VBS and JS variants, both run through the Windows Script Host (wscript.exe / cscript.exe).

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run outside the intended region).

    • Drops startup file

    • Adds Run key to start application
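
    Hunting for this behaviour chain in endpoint telemetry (added example, not part of the sandbox report or the malware): the script below runs the report's signatures as detection logic over constructed Sysmon-style event records (Event ID 3 network connection, 11 file create, 13 registry value set). The C2 host and port are the ones the report extracted; the user paths, script names and SIDs in the sample events are assumptions.

```python
"""Hunt for WSHRAT-style behaviour in Sysmon-style telemetry.

Added example, not the sandbox's or the malware's code. Event records are
constructed by hand in the shape of Sysmon Event ID 3 (network connection),
11 (file create) and 13 (registry value set). Only the C2 host/port come
from the report; paths, names and the SID are assumptions.
"""
import re
from collections import defaultdict

# Windows Script Host binaries that execute .js/.vbs payloads such as this sample.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_FILE_RE = re.compile(r"\.(js|jse|vbs|vbe|wsf)\b", re.I)
# Per-user and machine-wide Run/RunOnce keys ("Adds Run key to start application").
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Start Menu Startup folder ("Drops startup file").
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# Indicator extracted by the sandbox: C2 http://chongmei33.publicvm.com:7045
KNOWN_C2 = {("chongmei33.publicvm.com", 7045)}

PERSISTENCE_TAGS = {"run_key_script", "startup_folder_script"}


def image_name(path):
    """Basename of an Image path, lower-cased, for host comparisons."""
    return path.rsplit("\\", 1)[-1].lower()


def findings_for(ev):
    """Return (tag, detail) pairs triggered by a single event record."""
    out = []
    img = image_name(ev.get("Image", ""))
    eid = ev["EventID"]
    if eid == 3 and img in SCRIPT_HOSTS:
        # "Blocklisted process makes network request": a script host talking out.
        host = ev.get("DestinationHostname", "").lower()
        port = int(ev["DestinationPort"])
        out.append(("script_host_network", f"{img} -> {host}:{port}"))
        if (host, port) in KNOWN_C2:
            out.append(("known_wshrat_c2", f"{host}:{port}"))
    elif eid == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
        # Run key whose value launches a script, or that a script host wrote itself.
        details = ev.get("Details", "")
        if SCRIPT_FILE_RE.search(details) or img in SCRIPT_HOSTS:
            out.append(("run_key_script", f"{ev['TargetObject']} = {details}"))
    elif eid == 11 and STARTUP_DIR_RE.search(ev["TargetFilename"]):
        # Script file dropped into the Startup folder.
        if SCRIPT_FILE_RE.search(ev["TargetFilename"]):
            out.append(("startup_folder_script", ev["TargetFilename"]))
    return out


def hunt(events):
    """Group all findings by tag: {tag: [detail, ...]}."""
    grouped = defaultdict(list)
    for ev in events:
        for tag, detail in findings_for(ev):
            grouped[tag].append(detail)
    return dict(grouped)


def is_wshrat_like(events):
    """True when a script host both persisted and reached out over the network,
    which is the chain the report's signatures describe for this sample."""
    tags = set(hunt(events))
    return "script_host_network" in tags and bool(tags & PERSISTENCE_TAGS)


# Constructed sample telemetry (assumed paths/names); first three are malicious,
# the last two are benign noise that must not fire.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\wscript.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\invoice",
     "Details": r'wscript.exe //B "C:\Users\analyst\AppData\Roaming\invoice.js"'},
    {"EventID": 11, "Image": r"C:\Windows\System32\wscript.exe",
     "TargetFilename": r"C:\Users\analyst\AppData\Roaming\Microsoft\Windows"
                       r"\Start Menu\Programs\Startup\invoice.js"},
    {"EventID": 3, "Image": r"C:\Windows\System32\wscript.exe",
     "DestinationHostname": "chongmei33.publicvm.com", "DestinationPort": 7045},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "example.com", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r'"C:\Program Files\Vendor\updater.exe"'},
]

if __name__ == "__main__":
    for tag, details in sorted(hunt(SAMPLE_EVENTS).items()):
        print(f"{tag}: {details}")
    print("wshrat-like:", is_wshrat_like(SAMPLE_EVENTS))
```

    The country-code lookup ("Checks computer location settings") is a registry read, which Sysmon does not log, so that signature is not covered here; the other four are. Matching the C2 host by name assumes DNS-resolved hostnames are present in the telemetry; publicvm.com is a dynamic-DNS service, so the IP behind it should be treated as volatile.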

MITRE ATT&CK Enterprise v15

Tasks