General

  • Target

    aeace0a8ab23c3ce61d5350201e0e941_JaffaCakes118

  • Size

    88KB

  • Sample

    240615-qxl6cswerp

  • MD5

    aeace0a8ab23c3ce61d5350201e0e941

  • SHA1

    85c24929f4c1464636e0c6cce6d86973d980a009

  • SHA256

    530be52b6fab0cbe77614e8321abf7aa90e410a7ebe654c67aece01f6f37ea51

  • SHA512

    e44ab057cfbe18fecf41fb1b15d3b0824fe55127083c33d1e23eb77c7484eaaf4937a2c88fdc91de92f6960eb3e8a1152a407dd68213ff99330d40241407f360

  • SSDEEP

    1536:5KQf2k2MLd2AbmVSJUYH4PzKXZBHCRP/9uRHMV7lmbFYcobOH+arEczQp:nn2Ab64laengHVVkfH4CQ

Malware Config

Extracted

Family

wshrat

C2

http://jeffserver.duckdns.org:3355

Targets

    • Target

      aeace0a8ab23c3ce61d5350201e0e941_JaffaCakes118

    • Size

      88KB

    • MD5

      aeace0a8ab23c3ce61d5350201e0e941

    • SHA1

      85c24929f4c1464636e0c6cce6d86973d980a009

    • SHA256

      530be52b6fab0cbe77614e8321abf7aa90e410a7ebe654c67aece01f6f37ea51

    • SHA512

      e44ab057cfbe18fecf41fb1b15d3b0824fe55127083c33d1e23eb77c7484eaaf4937a2c88fdc91de92f6960eb3e8a1152a407dd68213ff99330d40241407f360

    • SSDEEP

      1536:5KQf2k2MLd2AbmVSJUYH4PzKXZBHCRP/9uRHMV7lmbFYcobOH+arEczQp:nn2Ab64laengHVVkfH4CQ

    • WSHRAT

      WSHRAT is a variant of the Houdini worm (also known as H-Worm) and is distributed in both VBS and JS forms.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Drops startup file

    • Adds Run key to start application
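
    The signatures above (Run key, Startup-folder drop, registry country-code lookup, script host talking to the extracted C2) can be turned into simple triage rules. The following is an added example written for this page, not tooling from the sandbox vendor: it runs constructed, Sysmon-style key=value event lines through one rule per signature and tags each hit with an ATT&CK technique id of my own choosing (the page's own MITRE table is not reproduced here). Assumptions, also marked in the code: the sample runs under wscript.exe or cscript.exe; the location check reads the sCountry/iCountry value under Control Panel\International; the RegistryRead event type stands in for what an API-level sandbox monitor records, since Sysmon itself does not log registry reads.

    ```python
    """
    Added triage example, not part of the sandbox report: run constructed
    sandbox-style event lines through simple rules for the behaviours the
    report lists for this WSHRAT sample (Run key write, Startup-folder drop,
    country-code registry lookup, script host contacting the extracted C2).
    """
    import re
    from dataclasses import dataclass
    from typing import Optional

    # C2 from the report's extracted config: http://jeffserver.duckdns.org:3355
    C2_HOST = "jeffserver.duckdns.org"
    C2_PORT = 3355

    # WSHRAT ships as JS or VBS, so the process of interest is a script host.
    # Assumption: the report does not name the process the sample ran under.
    SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

    RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
    STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
    # Assumption: the "computer location settings" check reads the locale's
    # country value under Control Panel\International; the report only says
    # "country code configured in the registry".
    COUNTRY_KEY_RE = re.compile(r"\\Control Panel\\International\\[si]Country$", re.I)


    @dataclass
    class Finding:
        technique: Optional[str]  # ATT&CK id (my mapping; the page's table is empty)
        description: str
        event: dict


    def parse_event(line: str) -> dict:
        """Parse 'Key=value Key="value with spaces"' lines into a dict."""
        return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


    def triage(lines) -> list:
        """Return one Finding per event that matches a behaviour from the report."""
        findings = []
        for line in lines:
            ev = parse_event(line)
            kind = ev.get("EventType")
            image = ev.get("Image", "").lower().rsplit("\\", 1)[-1]
            target = ev.get("TargetObject", "")
            if kind == "RegistryValueSet" and RUN_KEY_RE.search(target):
                findings.append(Finding("T1547.001", "Adds Run key to start application", ev))
            elif kind == "RegistryRead" and COUNTRY_KEY_RE.search(target):
                # Sysmon does not log registry reads; this event type is what an
                # API-level sandbox monitor would emit for the geofence check.
                findings.append(Finding("T1614.001", "Checks computer location settings", ev))
            elif kind == "FileCreate" and STARTUP_DIR_RE.search(ev.get("TargetFilename", "")):
                findings.append(Finding("T1547.001", "Drops startup file", ev))
            elif kind == "NetworkConnect" and image in SCRIPT_HOSTS:
                host = ev.get("DestinationHostname", "").lower()
                port = int(ev.get("DestinationPort", "0"))
                if host == C2_HOST and port == C2_PORT:
                    findings.append(Finding("T1071.001", f"Script host contacts WSHRAT C2 {host}:{port}", ev))
                else:
                    # Any network activity from a script host is worth a look,
                    # even when the destination is not the known C2.
                    findings.append(Finding(None, "Blocklisted process makes network request", ev))
        return findings


    # Constructed sample events (not captured from the sample) in a Sysmon-like
    # key=value layout; the last two are benign noise that should not match.
    SAMPLE_EVENTS = [
        'EventType=RegistryRead Image="C:\\Windows\\System32\\wscript.exe" '
        'TargetObject="HKU\\S-1-5-21-1\\Control Panel\\International\\sCountry"',
        'EventType=FileCreate Image="C:\\Windows\\System32\\wscript.exe" '
        'TargetFilename="C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.js"',
        'EventType=RegistryValueSet Image="C:\\Windows\\System32\\wscript.exe" '
        'TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update" '
        'Details="wscript.exe //B C:\\Users\\victim\\AppData\\Roaming\\update.js"',
        'EventType=NetworkConnect Image="C:\\Windows\\System32\\wscript.exe" '
        'DestinationHostname=jeffserver.duckdns.org DestinationPort=3355 Protocol=tcp',
        'EventType=NetworkConnect Image="C:\\Windows\\System32\\wscript.exe" '
        'DestinationHostname=update.example.net DestinationPort=80 Protocol=tcp',
        'EventType=NetworkConnect Image="C:\\Program Files\\Firefox\\firefox.exe" '
        'DestinationHostname=www.example.com DestinationPort=443 Protocol=tcp',
        'EventType=RegistryValueSet Image="C:\\Windows\\explorer.exe" '
        'TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"',
    ]

    if __name__ == "__main__":
        for f in triage(SAMPLE_EVENTS):
            print(f"{f.technique or '-':10} {f.description}")
    ```

    Run against the constructed events it reports five findings: the country-code read, the Startup-folder drop, the Run-key write, the C2 contact on port 3355, and one generic script-host network request; the firefox connection and the unrelated Explorer registry write are ignored. On real telemetry the Run-key and Startup-folder rules are high-confidence on their own, while the country-code rule only fires if your monitor records registry reads, so treat its absence as a gap in coverage rather than as evidence the check did not happen.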

MITRE ATT&CK Enterprise v15

Tasks