• WSHRat VBS Cracked!

  • Subforum dedicated to the analysis of software suspected of infection. Advanced members will analyze these. The programs in this section are very likely infected.
 #495193  by TITAN
 23 Sep 2019, 05:03
Thanks roda!! Hug, che!
Question: did you analyze it??
There's a DNS: kingmummylive.com
It connects to the IP: 160.153.133.148
 #495194  by Roda
 24 Sep 2019, 17:57
uhhhh
no idea, che... I didn't even check it...
take it down!!!
 #495195  by TITAN
 24 Sep 2019, 19:27
I'm moving it to the analysis area
 #495225  by lcno
 04 Oct 2019, 01:45
The file in general has interesting strings; I'll see if I can dig deeper, I just saw this post.

file:                            WSHRat.exe
md5:                            6a92d6ed9cafa2901371412f36783912

---------------------------------------------
No ports selected
\settings.dat
/c wmic csproduct get UUID
UUID
[ You must register to see this link ] ( [ You must register to see this link ] )
---------------------------------------------
WSH Rat v1.1
PictureBox1.Image
PictureBox1
Save File As
Form1
WSH Rat
[ You must register to see this link ]
DoubleBuffered
process-explorer
log-browser
---------------------------------------------
keylogger
GetProperty
FileSystemProxy
RegistryProxy
---------------------------------------------
ToolStripDropDownItem
ToolStripItem
get_DisableUACToolStripMenuItem
set_DisableUACToolStripMenuItem
get_RemotePCToolStripMenuItem
set_RemotePCToolStripMenuItem
get_ExecuteRemoteCMDToolStripMenuItem
set_ExecuteRemoteCMDToolStripMenuItem
get_RecoverPasswordToolStripMenuItem
set_RecoverPasswordToolStripMenuItem
get_SurveilanceToolStripMenuItem
set_SurveilanceToolStripMenuItem
get_InternetExplorerEdgeToolStripMenuItem
set_InternetExplorerEdgeToolStripMenuItem
get_GoogleChromeToolStripMenuItem
set_GoogleChromeToolStripMenuItem
get_DownloadAndExecuteToolStripMenuItem
set_DownloadAndExecuteToolStripMenuItem
get_UploadAndExecuteToolStripMenuItem
set_UploadAndExecuteToolStripMenuItem
get_UninstallToolStripMenuItem
set_UninstallToolStripMenuItem
get_ToolToolStripMenuItem
set_ToolToolStripMenuItem
get_RemoteScreenToolStripMenuItem
---------------------------------------------
SHRAT
/is-ready
\Audio\notify.wav
/send-to-me
/open-keylogger
/open-rdp
/open-filebrowser
/is-processes
/is-logs
/update-status
/take-log
/chrome
GOOGLE CHROME BROWSER
==============================
\tmp.tmp
Action
User Name Field
Password Field
Created Time
Password Strength
Password File
skipped
/mozilla
MOZILLA FIREFOX BROWSER
==============================
Web Site
User Name
Password
Password Use
Password Change
INTERNET EXPLORER BROWSER
==============================
Type
Stored In
/mail
EMAIL CLIENTS
==============================
/is-cmd-shell
content-length:
content-length:
HTTP/1.1 200 OK
Content-Length:
Connection: close
Unknown
127.0.0.1
Local Country
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
[ You must register to see this link ]
/json/
country
country_name
user-agent:
user-agent:
Leelawadee
[WSH] New Client Connected
lblPC
PC-NAME
lblIP
lblCountry
United States
Toast
New Connection
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
WSH Remote Access Tool
CompanyName
WSH Inc California
FileDescription
WSHRat
FileVersion
1.1.0.0
InternalName
WSHRat.exe
LegalCopyright
Copyright
2019
OriginalFilename
WSHRat.exe
ProductName
WSHRat
ProductVersion
1.1.0.0
Assembly Version
1.1.0.0