wshrat | 0677778651e6e33725cf6517a2bfa1fba1c7ca0bccde26b9c1408cd95b1741f9 | Triage

Submit
Reports

Overview

overview

Static

static

1

Request Fo...ion.js

windows7-x64

Request Fo...ion.js

windows10-2004-x64

Sharing

General

Target

Request For Quotation.js
Size

940KB
Sample

240201-jwl1msfae9
MD5

78252a15f51c83f53b649437cfb4dd89
SHA1

199691ba02706c385773a874fe6a6f6776d336dc
SHA256

0677778651e6e33725cf6517a2bfa1fba1c7ca0bccde26b9c1408cd95b1741f9
SHA512

87217894c79e6e17ef7c40ae3e8ab404fe5a7fc55028763bce93388cb9cc8c778536061ac97ddbc51bb5424a00f55d7362480706c04bfc7ceaa18fc70957c264
SSDEEP

6144:XQsxuHg3waI+262g6Wl087udlFgnSTlWViJo4Q5SSAjMDbriPufIKeMuRg3B6oWM:gD4

Score

10^/10

wshrat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Request For Quotation.js

Resource

win7-20231215-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Request For Quotation.js

Resource

win10v2004-20231215-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

wshrat

C2

http://harold.jetos.com:3609

Targets

- Target
  
  Request For Quotation.js
- Size
  
  940KB
- MD5
  
  78252a15f51c83f53b649437cfb4dd89
- SHA1
  
  199691ba02706c385773a874fe6a6f6776d336dc
- SHA256
  
  0677778651e6e33725cf6517a2bfa1fba1c7ca0bccde26b9c1408cd95b1741f9
- SHA512
  
  87217894c79e6e17ef7c40ae3e8ab404fe5a7fc55028763bce93388cb9cc8c778536061ac97ddbc51bb5424a00f55d7362480706c04bfc7ceaa18fc70957c264
- SSDEEP
  
  6144:XQsxuHg3waI+262g6Wl087udlFgnSTlWViJo4Q5SSAjMDbriPufIKeMuRg3B6oWM:gD4
Score

10^/10

wshrat trojan
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy