General

  • Target

    MACHINE_SPECIFICATION.js

  • Size

    7KB

  • Sample

    240902-gga9gstbkm

  • MD5

    d19beb79e886bf34835533189bf71c47

  • SHA1

    fdfc5ab5e9613fead711101be1f3fb82521c6d32

  • SHA256

    f43d3dd0794bb4d89b813dcee1d029b0d743c2da958a0cf690582a2e71c00122

  • SHA512

    9e386dd16880addfb7f0ef5adbb72eeffae8365191a51631da399e2bb6b12f634c3dfcd878ea5d822a5d901db9014f28489e89e29b7983efcb578bd21010a1ce

  • SSDEEP

    192:pyBl/3sunJVjnnbKe9VPvGulLdPCvUaVsC89ADYZsAPz:IBjTnTl9y1a5z

Malware Config

Extracted

Family

wshrat

C2

http://chongmei33.publicvm.com:7044

Targets

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and exists in both VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Drops startup file

    • Adds Run key to start application
