Extracted

• • Target

    JHMM9_wpx.js

  • Size

    569KB

  • MD5

    58ad6ce83e888acdfd085c8cb3b7d2d6

  • SHA1

    ea6411fb56d104ab5d716c5d16a9a7bbcfaef5ca

  • SHA256

    dc7d0427f01e02a7752db8ac7aa6f77caf8dc83896b74b3cf6999fcba3288020

  • SHA512

    68b216db2d3a6db40c026e8b69b8ae5fc276700d414bb34f6b2d905164fc0ade17cd2637ad34025c24954e9deb135c7e05fbae7f2a705e3f40d00ced051aa4a6

  • SSDEEP

    6144:KUuJ2eTyeu3UuSuTCFq0WX6uiuEvlZYaZH7CNLZn9BZpZn95999QZG9JsNTN7Zd0:MMw0hJeB7jFA

  Score

  10^/10

  wshratdiscoveryexecutionpersistencetrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Wshrat family

    wshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1