wshrat | fd579cb3e6075e13a6c794c435e46013b75d2931339cd0992a6c39325ed6c7d4 | Triage

Sharing

General

Target

fd579cb3e6075e13a6c794c435e46013b75d2931339cd0992a6c39325ed6c7d4
Size

118KB
Sample

240829-yxbzdsyflb
MD5

385e5e0f86878249a69eabe45cab3a50
SHA1

91d19ce60ddc2bee2f36d9f271afd1fc763e716e
SHA256

fd579cb3e6075e13a6c794c435e46013b75d2931339cd0992a6c39325ed6c7d4
SHA512

190590b95898d3229d8ea6a035360261e04801918f9ee43b3b15e66b8f7dfbb4e66baa97cd95756da511f274ee62a0f88abc22b799951cef2c91622eda89297d
SSDEEP

3072:8GHWMRJGLmwHrBVyDKxW7guGJlouha6opWXEyUwOSM7X4:P2AJGLXVOqW7mb0YXEyZJwo

Score

10^/10

wshrat execution

Malware Config

Targets

- Target
  
  c-users-secretary-appdata-roaming-microsoft-windows-start-menu-programs-startup-jzygdby8m3-js
- Size
  
  184KB
- MD5
  
  e533ffedc8288d2f1038cfc77782d6da
- SHA1
  
  f4a78ddfeeac8c36e7b4ece4e7a1341a00ec58cc
- SHA256
  
  5896bd105c977d63bbecedff5f1f994e4172429e91f76815131b626e0378204f
- SHA512
  
  67dede606baca032763127bc0ede51161eb866c30b92356716741d47dc27d9c0bcdd6dd392235b90ec8b119e847e10204dc29fd7907dcbb472da7fa69217844d
- SSDEEP
  
  3072:hp8xbeXigeXajd1LHLLdV60Q0bampZevEzRbURCBeGK/6bbIpklgVDSxGfmuZmUu:hp8xbeXigeXud1LH3dV6zMovRCBeGKWd
Score

8^/10

execution
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2