General

  • Target

    11252269963235765334.js

  • Size

    21KB

  • Sample

    230915-qvk6aaeh96

  • MD5

    ce7cfed3e965813a8050c46b5098ab9d

  • SHA1

    aa788929ef8320180315421a8c79be2a539842eb

  • SHA256

    8addeade4351ffe1663f7c10977054eb460348480ba4fcaea34c20a7d6e7d9e4

  • SHA512

    379081eb4f5086b5d28d0be18304f756872827e04b65c45b46582feb53dfaa715aaa424fcd2b2d66423dc1d98623868ec65aff698bcde3367f046bfac0fa7cc2

  • SSDEEP

    384:3/+tc8v+YhrKZKZXeX5U7CP9fD0eX5GrnB63vQOaSDsvkysjqFJ8TatW8TaUxTam:3/+tbv+YhdZXeXic9fD0eXknB6Y6Dsv7

Malware Config

Extracted

Family

wshrat

C2

http://newjspeople.duckdns.org:9072

Targets

    • WSHRAT

WSHRAT is a variant of the Houdini worm and exists in both VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application
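The behaviours flagged above (a Windows Script Host entry under a Run key or in the Startup folder, and a blocklisted script host reaching a dynamic-DNS C2 on a non-standard port) can be hunted for on other hosts. The script below is an added example, not part of the sandbox report; the registry export, Startup-folder listing and connection records are constructed sample data, and the Run key value name, the Startup path and the dynamic-DNS suffixes other than duckdns.org are assumptions.

```python
"""Hunt for the WSHRAT-style behaviours listed in the report on hosts you can
collect artefacts from: a wscript/cscript .js/.vbs entry under a Run key or
in a Startup folder, and a script host talking to a dynamic-DNS C2 on a
non-standard port. Every input below is constructed sample data."""
import re
from urllib.parse import urlsplit

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
SCRIPT_EXT_RE = re.compile(r"\.(js|jse|vbs|vbe|wsf)(?=[\"'\s]|$)", re.IGNORECASE)
# duckdns.org comes from the report's C2; the other suffixes are assumed common dynamic-DNS providers
DYNDNS_SUFFIXES = ("duckdns.org", "no-ip.org", "ddns.net", "hopto.org")

# Constructed: output in the shape of `reg query HKCU\...\Run /s` (value name is assumed)
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive                REG_SZ    "C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    11252269963235765334    REG_SZ    wscript.exe //B "C:\Users\u\AppData\Roaming\11252269963235765334.js"
"""

# Constructed: files in the per-user Startup folder
SAMPLE_STARTUP_DIR = [
    r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini",
    r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\11252269963235765334.js",
]

# Constructed: (process image, destination URL) pairs, e.g. from proxy logs or Sysmon events 3 and 22
SAMPLE_CONNECTIONS = [
    (r"C:\Windows\System32\wscript.exe", "http://newjspeople.duckdns.org:9072"),
    (r"C:\Program Files\Mozilla Firefox\firefox.exe", "https://www.mozilla.org/"),
]

VALUE_LINE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*\S)\s*$")


def script_persistence_entries(reg_query_text):
    """Return Run key values that launch a script host or point at a script file."""
    hits, current_key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            current_key = line.strip()
            continue
        m = VALUE_LINE_RE.match(line)
        if not m:
            continue
        name, reg_type, command = m.groups()
        launches_script_host = any(h in command.lower() for h in SCRIPT_HOSTS)
        if launches_script_host or SCRIPT_EXT_RE.search(command):
            hits.append({"key": current_key, "name": name, "type": reg_type, "command": command})
    return hits


def startup_scripts(paths):
    """Return Startup-folder entries carrying a Windows Script Host extension."""
    return [p for p in paths if SCRIPT_EXT_RE.search(p)]


def suspicious_script_connections(connections):
    """Record every connection made by a script host (the blocklisted process
    class in the report) and attach reasons that raise its severity."""
    hits = []
    for image, url in connections:
        exe = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if exe not in SCRIPT_HOSTS:
            continue  # only script hosts are of interest here
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        port = parts.port or (443 if parts.scheme == "https" else 80)
        reasons = []
        if host.endswith(DYNDNS_SUFFIXES):
            reasons.append("dynamic-dns host")
        if port not in (80, 443):
            reasons.append("non-standard port %d" % port)
        hits.append({"image": exe, "host": host, "port": port, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for e in script_persistence_entries(SAMPLE_REG_QUERY):
        print("run key :", e["key"], e["name"], "->", e["command"])
    for p in startup_scripts(SAMPLE_STARTUP_DIR):
        print("startup :", p)
    for h in suspicious_script_connections(SAMPLE_CONNECTIONS):
        print("network :", h["image"], "->", h["host"], h["port"], ", ".join(h["reasons"]))
```

Feed it a real `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /s` export, a `dir` of the Startup folder and process-to-URL pairs from your proxy or Sysmon data; a script host reaching a duckdns.org name on a port such as 9072 is the combination this sample exhibits, and any script-host Run key entry is worth pulling for inspection regardless of the network side.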
