socgholish | 490ca65b358286bbd49abfb81cb5df32bb06ec40f7d6189fc3d223f7d70f6983 | Triage

Sharing

General

Target

d2876a6bb14dab1608149ad00d2d1e17_JaffaCakes118
Size

224KB
Sample

241207-p2hs3axrhq
MD5

d2876a6bb14dab1608149ad00d2d1e17
SHA1

e16ec55b9540be52fa16bb98a285dba9457df6bf
SHA256

490ca65b358286bbd49abfb81cb5df32bb06ec40f7d6189fc3d223f7d70f6983
SHA512

5202357bd78e56910d7772aafcdf7d8f27659d4a33e261af597e6a9295f24ac211a10b69f784f0f723fd78f4040347a092f5c4bff029c8b0d153c793f4c811d5
SSDEEP

3072:E+X5SykJfdmdHHDW61fsKLfuwk/Xnz/yNBxYoM15ptL7yDdmdHq:VSykiW6/eXOOw

Score

10^/10

socgholish google discovery downloader phishing

Malware Config

Targets

- Target
  
  d2876a6bb14dab1608149ad00d2d1e17_JaffaCakes118
- Size
  
  224KB
- MD5
  
  d2876a6bb14dab1608149ad00d2d1e17
- SHA1
  
  e16ec55b9540be52fa16bb98a285dba9457df6bf
- SHA256
  
  490ca65b358286bbd49abfb81cb5df32bb06ec40f7d6189fc3d223f7d70f6983
- SHA512
  
  5202357bd78e56910d7772aafcdf7d8f27659d4a33e261af597e6a9295f24ac211a10b69f784f0f723fd78f4040347a092f5c4bff029c8b0d153c793f4c811d5
- SSDEEP
  
  3072:E+X5SykJfdmdHHDW61fsKLfuwk/Xnz/yNBxYoM15ptL7yDdmdHq:VSykiW6/eXOOw
Score

10^/10

socgholish google discovery downloader phishing
- Detected google phishing page
  phishing google
- SocGholish
  SocGholish is a JavaScript payload that downloads other malware.
  downloader socgholish
- Socgholish family
  socgholish
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

socgholishgooglediscoverydownloaderphishing

behavioral2