Extracted

• • Target

    Invoice.js

  • Size

    21KB

  • MD5

    12b2471d3c8dd16efd69ab5aca0678b9

  • SHA1

    15dca12d5e2d7d0281990ee43ffbcd22396fe01a

  • SHA256

    ae69570258cabd6bbede57ef510836d167c0d9b1752d3d742f8e4769e17eba15

  • SHA512

    7f72edfe2fa615279bfb18a6117afdac855ea6c37250b2473dad2f9ee6d701869123240f44d631020b4fb727869d00a697de5ed7c7bd59640594b57a4db787ac

  • SSDEEP

    384:6/+tc8v+YhrKZKZXeX5U7CP9fD0eX5GrnB63vQOaSDsvkysjqFJ8TatW8TaUxTam:6/+tbv+YhdZXeXic9fD0eXknB6Y6Dsv7

  Score

  10^/10

  wshratpersistencetrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2