General

  • Target

    3aba14649b590ad2ae66902bcb8f5411ec579df5de9e7edb543eafe1183eeec7.zip

  • Size

    101KB

  • Sample

    250325-xthgbsvjz2

  • MD5

    6cf0e799509528810f6e4c440b15f76b

  • SHA1

    c9449ed012b665fa8eafd8c6257e7b87e2366a09

  • SHA256

    3aba14649b590ad2ae66902bcb8f5411ec579df5de9e7edb543eafe1183eeec7

  • SHA512

    4865eb42fda95d7a2bbfd1d2b6cb17473410c02c3355e6ae5402098efcb4d927b96392a2727a1048aa7c46f7cbf35fd3b96ee73539f4698848270bd92fd86fa2

  • SSDEEP

    1536:D3zBHt8KM4dYog7QGW7bkRcaNS3FpTMpGpFMWSeBrpyf/pcimsDDkiSWd7:hH6xYYoOQGWGNEpT0OpSukfhcirDgXWV

Malware Config

Targets

    • Target

      d56c3c009248c55acb99fa5d7c66ca8d6555a3559b66b69aeff99327aa9e2beb.js

    • Size

      217KB

    • MD5

      2852bd566a1ec01b41c53e4e738c6f4a

    • SHA1

      f777cd9e907866bfb9e5513c94fc84f2dcd2cd3a

    • SHA256

      d56c3c009248c55acb99fa5d7c66ca8d6555a3559b66b69aeff99327aa9e2beb

    • SHA512

      f1a75eb649375c2dd18072977e8ebd04988c705a3ecbca10e5cf5bda1e5886e26d66380467d221efbbaf3137128fda8fe62af61f728769dd47abfd79bf0f7e17

    • SSDEEP

      6144:PpHgleX3reXhf6Z9pQDBvR4nRHFPAeRJAklgF2GuuZl:huf6ZUDJ6nlTrl029A

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and is distributed in both VBS and JS forms; this sample is the JS form.

    • WSHRAT payload

    • Wshrat family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
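
The signatures above describe behaviours that a hunter can map onto endpoint telemetry: a script host (wscript.exe is the default handler for the .js target) opening network connections, a Run key value that launches a script, a script written into a Startup folder, and a DNS lookup of an external-IP service. The following is an added example, not sandbox output or tooling from this report: it encodes those four behaviours as rules over constructed Sysmon-style events. The events, the hostname watchlist for IP-lookup services and the assumption that "blocklisted process" means wscript.exe/cscript.exe are all mine, not the report's. The registry-based location check is not covered, because Sysmon records registry creates, sets and renames (Event IDs 12 to 14) but not reads.

```python
"""Hunting rules for the WSHRAT behaviours listed above, run over constructed
Sysmon-style events. Added example: the events are invented to resemble what a
.js sample run by wscript.exe would produce, and the IP-lookup hostname
watchlist is an assumption to tune against your own telemetry."""
import re
from typing import Any, Dict, Iterable, List, Tuple

Event = Dict[str, Any]

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")          # default .js/.vbs interpreters
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf")
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\", re.I)
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\", re.I)
# Assumed watchlist of public external-IP services; not taken from the report.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ipinfo.io",
                   "checkip.dyndns.org", "ip-api.com"}


def is_script_host(image: str) -> bool:
    """True when the process image is a Windows Script Host binary."""
    return image.lower().rsplit("\\", 1)[-1] in SCRIPT_HOSTS


def references_script(text: str) -> bool:
    """True when a command line or registry value launches a script."""
    t = text.lower()
    return any(ext in t for ext in SCRIPT_EXTS) or any(h in t for h in SCRIPT_HOSTS)


def rule_script_host_network(ev: Event) -> bool:
    # Event ID 3 (NetworkConnect) from wscript/cscript:
    # "Blocklisted process makes network request".
    return ev.get("EventID") == 3 and is_script_host(ev.get("Image", ""))


def rule_run_key_launches_script(ev: Event) -> bool:
    # Event ID 13 (registry value set) under ...\CurrentVersion\Run whose data
    # starts a script: "Adds Run key to start application".
    return (ev.get("EventID") == 13
            and RUN_KEY_RE.search(ev.get("TargetObject", "")) is not None
            and references_script(ev.get("Details", "")))


def rule_startup_script_drop(ev: Event) -> bool:
    # Event ID 11 (FileCreate) of a script in a Startup folder: "Drops startup file".
    name = ev.get("TargetFilename", "")
    return (ev.get("EventID") == 11
            and STARTUP_RE.search(name) is not None
            and name.lower().endswith(SCRIPT_EXTS))


def rule_ip_lookup_from_script_host(ev: Event) -> bool:
    # Event ID 22 (DNS query) for a known external-IP service from a script host:
    # "Looks up external IP address via web service".
    return (ev.get("EventID") == 22
            and is_script_host(ev.get("Image", ""))
            and ev.get("QueryName", "").lower() in IP_LOOKUP_HOSTS)


RULES = {
    "script_host_network": rule_script_host_network,
    "run_key_launches_script": rule_run_key_launches_script,
    "startup_script_drop": rule_startup_script_drop,
    "ip_lookup_from_script_host": rule_ip_lookup_from_script_host,
}


def triage(events: Iterable[Event]) -> List[Tuple[str, Event]]:
    """Return (rule_name, event) for every event that matches a rule."""
    return [(name, ev) for ev in events for name, rule in RULES.items() if rule(ev)]


WSH = r"C:\Windows\System32\wscript.exe"
SAMPLE_JS = r"C:\Users\u\AppData\Roaming\sample.js"
# Constructed events: the first four mimic the reported behaviours, the rest are benign noise.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 11, "Image": WSH,
     "TargetFilename": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample.js"},
    {"EventID": 13, "Image": WSH,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\sample",
     "Details": f'wscript.exe //B "{SAMPLE_JS}"'},
    {"EventID": 22, "Image": WSH, "QueryName": "api.ipify.org"},
    {"EventID": 3, "Image": WSH, "DestinationIp": "203.0.113.10", "DestinationPort": 80},
    {"EventID": 3, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationIp": "203.0.113.20", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tool.lnk"},
]

if __name__ == "__main__":
    for name, ev in triage(SAMPLE_EVENTS):
        print(f"{name:28} EventID={ev['EventID']} Image={ev['Image']}")
```

Each rule is scoped to the script host rather than to the file name, since WSHRAT samples rename freely but still need wscript.exe or cscript.exe to run; the benign OneDrive Run key and the .lnk in Startup are included to show that the rules do not fire on ordinary autostart entries.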

MITRE ATT&CK Enterprise v15

Tasks