Extracted

• • Target

    proof of payment.js

  • Size

    900KB

  • MD5

    6e554787e0c33f72d3b40fc0a9efb825

  • SHA1

    127105cd35967eac8a7299fccd7532c56de70a0c

  • SHA256

    ed3867747c220cc11f5115b4926c74d63cec22cf2d58f5554b832dd2a02718d3

  • SHA512

    e61d1ccc093d942c645aba2da28872854a70f560e483ac01b3246f36623f9df9c428f2b410bed4985bd75f49b51ee28e50a03d2d4211664e298e7eb874bb26a0

  • SSDEEP

    6144:MQDZ29oDbwBXoS+idRXVY1205EBnBCHUMvXzdgfe44jSY77rLQwfu4dr4fgbQZer:XN

  Score

  10^/10

  wshrattrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2