
Cybercrime: WSH RAT is spread with SlimPDF Reader

Technical analysis by the Malware Hunter JAMESWT

WSH RAT is spread by cybercrime in a bundle with SlimPDF Reader

WSH RAT is being spread by cybercriminals in a bundle with SlimPDF Reader. The vector is an email with a fake CV attached. The file is in fact an exe. If opened, it asks the victim to install the Reader. Meanwhile, a JS script starts the malware infection chain. WSH RAT is a variant of the VBS-based Houdini Worm, first created and spread in 2013. The RAT allows operators to steal passwords from browsers and email clients, control the targeted computer remotely, upload, download and execute files, and run remote scripts and commands.

The exe file with the malicious JS
