wshrat | aba8289d1eacae0e2eac939d757b19a576667e4eb47c1d86cbee0ad73f0b3e1a | Triage

Sharing

General

Target

ORDER-25013-67789543AX.vbs
Size

20KB
Sample

250415-l7vg9sv1et
MD5

6b05858262470682bdc3297c6641a3db
SHA1

699d8a5aa6e559cc597db68a9125d804f1350b8a
SHA256

aba8289d1eacae0e2eac939d757b19a576667e4eb47c1d86cbee0ad73f0b3e1a
SHA512

41d2694de39c242c7333ee7e49024229f05fc57ec0b0bd587c98155a6c24a4a72b50b56e4ae9c7a4dfe415923e0796ec53e77e11a7932a30c551a457a560c298
SSDEEP

192:dXPjbMX56FswxMD3AiUAGYsfOnqY6Cw6iO/D4nDSIfwAM65/ZBhb38mBuaZL1xFp:9LwXllDA0GCw6iOb0jf3xTYmBzxFBIw

Score

10^/10

wshrat discovery execution persistence trojan

Malware Config

Extracted

Family

wshrat

C2

http://lee44.kozow.com:6892

Targets

- Target
  
  ORDER-25013-67789543AX.vbs
- Size
  
  20KB
- MD5
  
  6b05858262470682bdc3297c6641a3db
- SHA1
  
  699d8a5aa6e559cc597db68a9125d804f1350b8a
- SHA256
  
  aba8289d1eacae0e2eac939d757b19a576667e4eb47c1d86cbee0ad73f0b3e1a
- SHA512
  
  41d2694de39c242c7333ee7e49024229f05fc57ec0b0bd587c98155a6c24a4a72b50b56e4ae9c7a4dfe415923e0796ec53e77e11a7932a30c551a457a560c298
- SSDEEP
  
  192:dXPjbMX56FswxMD3AiUAGYsfOnqY6Cw6iO/D4nDSIfwAM65/ZBhb38mBuaZL1xFp:9LwXllDA0GCw6iOb0jf3xTYmBzxFBIw
Score

10^/10

wshrat discovery execution persistence trojan
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- Wshrat family
  wshrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wshratdiscoveryexecutionpersistencetrojan