Extracted

• • Target

    PRODUCT_INQUIRY.js

  • Size

    7KB

  • MD5

    41b3e3fe16a95095c6027551de97fe56

  • SHA1

    4ab637d7586c39ebe0938cc01c1b78a4e74cf523

  • SHA256

    2371c47f96686c70eb365d46020b6a03e32f69d2f14e3b98b6de394d72e699bd

  • SHA512

    e9fb8db66b646aeef7c107730f91e037c67a5891fd4ff4db6cbfa39717f819d98dd7202286d1d1437982f14fb32fb56b3ff4de923fd32753c2d2ab7d725e6914

  • SSDEEP

    192:toauNMBVGFVsSvSLauwmS4aaSqOGwmC1CPqau0K+aq18aU4Vmnaujl5waJf4l:toauNMBVGFVsSvSLauwmS4aaSqOGwmCw

  Score

  10^/10

  wshratexecutionpersistencetrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2