socgholish | 7823420aa1b9dd5ff9e41aa1a204353b64e30904eb9f915758ef92b65546d5db | Triage

Sharing

General

Target

408b9a994b18159fc8fe8483c48fa33b_JaffaCakes118
Size

245KB
Sample

241013-shn3hsxdkm
MD5

408b9a994b18159fc8fe8483c48fa33b
SHA1

29650afd68adc585866b8dce007f5e9ca53b5fdf
SHA256

7823420aa1b9dd5ff9e41aa1a204353b64e30904eb9f915758ef92b65546d5db
SHA512

8a011c659e43db23eed3fa2255800cead4b6ae931ce0708dc4d18a9d06125593b43611c0f3c7a0ef79b51472963642b6a5f8131cfae8411db3f739e80a243440
SSDEEP

3072:osHoddhSRlw3urMRyA1DaLAZr+5/xTd5Wbb45RAU4cG5GRbmI6eMXJA/PGcxsZYO:hnrMDDaL1vz/lP2V+iusn9

Score

10^/10

socgholish discovery downloader

Malware Config

Targets

- Target
  
  408b9a994b18159fc8fe8483c48fa33b_JaffaCakes118
- Size
  
  245KB
- MD5
  
  408b9a994b18159fc8fe8483c48fa33b
- SHA1
  
  29650afd68adc585866b8dce007f5e9ca53b5fdf
- SHA256
  
  7823420aa1b9dd5ff9e41aa1a204353b64e30904eb9f915758ef92b65546d5db
- SHA512
  
  8a011c659e43db23eed3fa2255800cead4b6ae931ce0708dc4d18a9d06125593b43611c0f3c7a0ef79b51472963642b6a5f8131cfae8411db3f739e80a243440
- SSDEEP
  
  3072:osHoddhSRlw3urMRyA1DaLAZr+5/xTd5Wbb45RAU4cG5GRbmI6eMXJA/PGcxsZYO:hnrMDDaL1vz/lP2V+iusn9
Score

10^/10

socgholish discovery downloader
- SocGholish
  SocGholish is a JavaScript payload that downloads other malware.
  downloader socgholish
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

socgholishdiscoverydownloader

behavioral2