2019-09-13 - WSHRAT INFECTION FROM MALSPAM
- 2019-09-13-malspam-pushing-WSHRAT.eml.zip 42 kB (41,876 bytes)
- 2019-09-13-WSHRAT-infection-traffic.pcap.zip 19.3 MB (19,320,697 bytes)
- 2019-09-13-WSHRAT-malware-and-artifacts.zip 79 kB (79,061 bytes)
- Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.
Shown above: Traffic from the infection filtered in Wireshark.
Shown above: Artifacts noted in the infected user's AppData\Local\Temp directory.
Shown above: WSHRAT persistent on the infected Windows host through the registry.
Shown above: WSHRAT persistent on the infected Windows host through the Startup directory.