2019-09-13 - WSHRAT INFECTION FROM MALSPAM

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  Traffic from the infection filtered in Wireshark.

 


Shown above:  Artifacts noted in the infected user's AppData\Local\Temp directory.

 


Shown above:  WSHRAT persistent on the infected Windows host through the registry.

 


Shown above:  WSHRAT persistent on the infected Windows host through the Startup directory.

 
