General
-
Target
2371c47f96686c70eb365d46020b6a03e32f69d2f14e3b98b6de394d72e699bd.js
-
Size
7KB
-
Sample
241024-bld82szelp
-
MD5
41b3e3fe16a95095c6027551de97fe56
-
SHA1
4ab637d7586c39ebe0938cc01c1b78a4e74cf523
-
SHA256
2371c47f96686c70eb365d46020b6a03e32f69d2f14e3b98b6de394d72e699bd
-
SHA512
e9fb8db66b646aeef7c107730f91e037c67a5891fd4ff4db6cbfa39717f819d98dd7202286d1d1437982f14fb32fb56b3ff4de923fd32753c2d2ab7d725e6914
-
SSDEEP
192:toauNMBVGFVsSvSLauwmS4aaSqOGwmC1CPqau0K+aq18aU4Vmnaujl5waJf4l:toauNMBVGFVsSvSLauwmS4aaSqOGwmCw
Malware Config
Extracted
wshrat
http://chongmei33.publicvm.com:7045
Targets
-
-
Target
2371c47f96686c70eb365d46020b6a03e32f69d2f14e3b98b6de394d72e699bd.js
-
Size
7KB
-
MD5
41b3e3fe16a95095c6027551de97fe56
-
SHA1
4ab637d7586c39ebe0938cc01c1b78a4e74cf523
-
SHA256
2371c47f96686c70eb365d46020b6a03e32f69d2f14e3b98b6de394d72e699bd
-
SHA512
e9fb8db66b646aeef7c107730f91e037c67a5891fd4ff4db6cbfa39717f819d98dd7202286d1d1437982f14fb32fb56b3ff4de923fd32753c2d2ab7d725e6914
-
SSDEEP
192:toauNMBVGFVsSvSLauwmS4aaSqOGwmC1CPqau0K+aq18aU4Vmnaujl5waJf4l:toauNMBVGFVsSvSLauwmS4aaSqOGwmCw
Score10/10-
WSHRAT
WSHRAT is a variant of Houdini worm and has vbs and js variants.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-