General

  • Target

    beca565451640f739d3c8771861c838417837e7169d73af86cc3780dbd099be2.js

  • Size

    7KB

  • Sample

    240703-c1cjfashlb

  • MD5

    54ea1f4f2737e111ffbcc03808dfec31

  • SHA1

    7027bd0207b975128d688916230ec4f8900b2bd6

  • SHA256

    beca565451640f739d3c8771861c838417837e7169d73af86cc3780dbd099be2

  • SHA512

    fb9cabdcd57e7f70aef201d29bd922c615714ee40c21bc4697691ac01e8ac4b4959719436199054068abe7ceccbd22adb1c2eb0cd86ce8f768dcf637a2607b3a

  • SSDEEP

    96:qdXsINLKzIXYD4uVaX3X8+eaePEQSX/4KGa:la

Malware Config

Extracted

Family

wshrat

C2

http://chongmei33.publicvm.com:7045

Targets

    • Target

      beca565451640f739d3c8771861c838417837e7169d73af86cc3780dbd099be2.js

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks