General

  • Target

    proof of payment.js

  • Size

    900KB

  • Sample

    231027-nfzzsafe77

  • MD5

    6e554787e0c33f72d3b40fc0a9efb825

  • SHA1

    127105cd35967eac8a7299fccd7532c56de70a0c

  • SHA256

    ed3867747c220cc11f5115b4926c74d63cec22cf2d58f5554b832dd2a02718d3

  • SHA512

    e61d1ccc093d942c645aba2da28872854a70f560e483ac01b3246f36623f9df9c428f2b410bed4985bd75f49b51ee28e50a03d2d4211664e298e7eb874bb26a0

  • SSDEEP

    6144:MQDZ29oDbwBXoS+idRXVY1205EBnBCHUMvXzdgfe44jSY77rLQwfu4dr4fgbQZer:XN

Score
10/10

Malware Config

Extracted

Family

wshrat

C2

http://harold.ns01.info:1604

Targets

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  1. Query Registry (T1012)

  2. System Information Discovery (T1082)
