General

  • Target

    01052024_0641_ops.txt.js

  • Size

    1.0MB

  • Sample

    240501-hfyh3acd47

  • MD5

    42daa7bdf868134ceab8d25811a002d4

  • SHA1

    84a272ef955d083506ffcc5e26b3c31d534e6a3c

  • SHA256

    febb058976fa7da37593ac4e0349c4ec36c7be0aab8e5189eef5f371e8b85202

  • SHA512

    fce466ee3309c5e2f47120f01b723653a48fb92a10d32f4211eb671b61bfbbf875657ac034afa662b2e86942fbaa737146cb0a0a54d93376729b75e0f38841b4

  • SSDEEP

    24576:91fVMfI63FPav4bmlaTKj+OosGdZIGoWg3eIjWbmXCWHYkH1uYTGDM:LfSfI63FPavibujHosGdGpBeIibmXCuR

Malware Config

Extracted

Family

wshrat

C2

http://masterokrwh.duckdns.org:7963

Targets

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks