wshrat | 3d3b93e744a9fc154a70b6a6b709be2806598abb2b00db8e51faa55f961f3076 | Triage

Submit
Reports

Overview

overview

Static

static

1

mc.js

windows7-x64

mc.js

windows10-2004-x64

Sharing

General

Target

mc.js
Size

262KB
Sample

240520-nke56saa6s
MD5

61003ace63f39ed1cc39a22cb924e6b1
SHA1

914548e77023a990b0e79e1cea9ce25991e8116e
SHA256

3d3b93e744a9fc154a70b6a6b709be2806598abb2b00db8e51faa55f961f3076
SHA512

e9d25955a7a9700b996dc435e23505ddb772290bf6370a0ccd122a34fc6c21c935b6a4dfc60fd2d2d00e74e6edb0f6f49d9df960a2ac3b7155a98d908560ba53
SSDEEP

96:GM969Xx6VdE6ruU6S+4SWp9uS+V6fXuSEFYcnhVM3/DyBCODI99PRdN1QNLq9Iu/:gWGcucNHw1c5UEWzC423S68XC

Score

10^/10

wshrat execution persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

mc.js

Resource

win7-20240221-en

wshrat execution persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

mc.js

Resource

win10v2004-20240508-en

wshrat execution persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

wshrat

C2

http://chongmei33.publicvm.com:7045

Targets

- Target
  
  mc.js
- Size
  
  262KB
- MD5
  
  61003ace63f39ed1cc39a22cb924e6b1
- SHA1
  
  914548e77023a990b0e79e1cea9ce25991e8116e
- SHA256
  
  3d3b93e744a9fc154a70b6a6b709be2806598abb2b00db8e51faa55f961f3076
- SHA512
  
  e9d25955a7a9700b996dc435e23505ddb772290bf6370a0ccd122a34fc6c21c935b6a4dfc60fd2d2d00e74e6edb0f6f49d9df960a2ac3b7155a98d908560ba53
- SSDEEP
  
  96:GM969Xx6VdE6ruU6S+4SWp9uS+V6fXuSEFYcnhVM3/DyBCODI99PRdN1QNLq9Iu/:gWGcucNHw1c5UEWzC423S68XC
Score

10^/10

wshrat execution persistence trojan
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wshratexecutionpersistencetrojan

behavioral2

wshratexecutionpersistencetrojan

© 2018-2024

Terms | Privacy