General

  • Target

    6766c478915817f5a95bc278a0205a89d0fbc03432d544399b70ab3fdc137001.js

  • Size

    7KB

  • Sample

    231110-h49k8seh83

  • MD5

    cf34cf3dc725d0145cb4b3ecfba459e7

  • SHA1

    365a0053eed4c3b621521231c00cd88fef001328

  • SHA256

    6766c478915817f5a95bc278a0205a89d0fbc03432d544399b70ab3fdc137001

  • SHA512

    b5bf5cb90d6e1081cf78dbecf73236f8dc33b0a3c3f9e137c0707006fa6e330b727281be6f3bfbf45fb1db3bfd6249d50d6bc20782aaae79daf4451b0693a32a

  • SSDEEP

    48:hSJE7GJLO4JJoNK5JzOTwgNS2utIGndHsRbJJz0GhD7GJ5o4fuwufQAJ6Gmfo/iT:yO1wtOMgR1uMF5SNEiGF4sdc

Malware Config

Extracted

Family

wshrat

C2

http://chongmei33.publicvm.com:7045

Targets

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application
