Extracted

• • Target

    ORDER-447890-25047AP.js

  • Size

    7KB

  • MD5

    9455be6935fef1fe046b9d6df6ac3cd9

  • SHA1

    5b19631ecf6c5fd49c7de7d0b5e4a0c4d6f7962b

  • SHA256

    74290592dacffc76566bd96f54da0d4a2cec1d6744f6c27ff5cbdff2eb13774a

  • SHA512

    18af68e2ee48741c82c4ea7d8d2f7c5ff58e303d72cc27e9b8e63a8461354c9b54383010ab1084e7d42ae717f8d6f418cdb986bc931fe57f2b347c6cb193cb4f

  • SSDEEP

    48:1VYfV46iVyq72+gPyryK+Gys8gP746+mq72+gPawormojZ+1ZAmojHSSfw9xVq7S:d

  Score

  10^/10

  wshratdiscoveryexecutionpersistencetrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Wshrat family

    wshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1