Extracted

• • Target

    ORDER-709856-250410AT.js

  • Size

    7KB

  • MD5

    f59cdef1183c8bab106bc1576ba7753d

  • SHA1

    fb6420ddaee10ab75482702322acb7fb6dfb7751

  • SHA256

    1e93ac50d985016adb746750e1e53a686b3dadbe5f5dc52fd3ec9be6c9e4e384

  • SHA512

    4552376e1546208f981451ecc7387a1fd9fd7c2cdb0c980794d737a6c46cbb8f8cb4ca9542c1ffac3d7c53694b3034089a3e9dcd07a3cdc37960d0780786ad2f

  • SSDEEP

    192:JxW3IUkc9ZgGdmiFCndDvW8IL7f9WOELn0XmsWgCqIiCN9CCBCCpBCCswCCiCCgp:JxW3IUkc9ZgGdmiFCndDvW8IL7f9WOE9

  Score

  10^/10

  wshratdiscoveryexecutionpersistencetrojan

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Wshrat family

    wshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1