General

  • Target

    wpx.js

  • Size

    2.2MB

  • Sample

    250408-gyctmsxr13

  • MD5

    28af750ae3556c5bd1a8cb2f56354bdc

  • SHA1

    385e0e12420d06df609f36a1d2dac81ab6b29d41

  • SHA256

    8d06f8c4a583736bb005216551a0e9a146d50afe8bdf0cf2ab1e37aceb98c4bf

  • SHA512

    2be8200fbceca44b7266f53aec5a81c68bd5b831c2b4318223c2428f899d5c48942305dccd77ebf6c6b4ed6c8cdc0bd7e0d3e16f1bf1f09365e5f42151fc45f3

  • SSDEEP

    6144:fUuJ2eTyeu3UuSuTCFq0WX6uiuEvlZYaZH7CNLZn9BZpZn95999QZG9JsNTN7Zda:g7tB3

Malware Config

Extracted

Family

wshrat

C2

http://chongmei33.myddns.rocks:7044

Targets

    • Target

      wpx.js

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • Wshrat family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
