Extracted

• • Target

    quotation.js

  • Size

    944KB

  • MD5

    88ae41b328e244baa40100550813c37c

  • SHA1

    b098a717c8f618187bec8cf50aa0bee09bce7268

  • SHA256

    cd0f3713f71701451538380e8c219b0cf0f490cb560760a3e346c6559e823d0f

  • SHA512

    dfb9e92280da0156a8169b43e0cd3690f1cf60a5f32f40ef9cc7ab67c66463d141957d9259e210a520398a92b257012a4608e62954a912538f3952a8ecf97b5f

  • SSDEEP

    6144:XQyIasDlZGlFVd94aBSGgVG5S7lN4Bw0JHqg8Mspk+w9304+7mfSFsnG6Qbfa7wG:go

  Score

  10^/10

  wshrattrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2