General

  • Target: quotation.js
  • Size: 944KB
  • Sample: 240131-tzs88sadej
  • MD5: 88ae41b328e244baa40100550813c37c
  • SHA1: b098a717c8f618187bec8cf50aa0bee09bce7268
  • SHA256: cd0f3713f71701451538380e8c219b0cf0f490cb560760a3e346c6559e823d0f
  • SHA512: dfb9e92280da0156a8169b43e0cd3690f1cf60a5f32f40ef9cc7ab67c66463d141957d9259e210a520398a92b257012a4608e62954a912538f3952a8ecf97b5f
  • SSDEEP: 6144:XQyIasDlZGlFVd94aBSGgVG5S7lN4Bw0JHqg8Mspk+w9304+7mfSFsnG6Qbfa7wG:go

Score: 10/10

Malware Config

Extracted

  • Family: wshrat
  • C2: http://harold.jetos.com:3609

Targets

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and exists in both VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry, T1012 (1)
  • System Information Discovery, T1082 (2)

Tasks