Extracted

• • Target

    3d3b93e744a9fc154a70b6a6b709be2806598abb2b00db8e51faa55f961f3076.js

  • Size

    262KB

  • MD5

    61003ace63f39ed1cc39a22cb924e6b1

  • SHA1

    914548e77023a990b0e79e1cea9ce25991e8116e

  • SHA256

    3d3b93e744a9fc154a70b6a6b709be2806598abb2b00db8e51faa55f961f3076

  • SHA512

    e9d25955a7a9700b996dc435e23505ddb772290bf6370a0ccd122a34fc6c21c935b6a4dfc60fd2d2d00e74e6edb0f6f49d9df960a2ac3b7155a98d908560ba53

  • SSDEEP

    96:GM969Xx6VdE6ruU6S+4SWp9uS+V6fXuSEFYcnhVM3/DyBCODI99PRdN1QNLq9Iu/:gWGcucNHw1c5UEWzC423S68XC

  Score

  10^/10

  wshratexecutionpersistencetrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2