socgholish | b7d6bbea4d724328b0c93d6deda1f0a4e3f98b106b24b39093e72f17a0d3be7a | Triage

Sharing

General

Target

e49d15cdbb15c76693ab6f51bd66705b_JaffaCakes118
Size

118KB
Sample

241212-emqj9aznc1
MD5

e49d15cdbb15c76693ab6f51bd66705b
SHA1

5b7feceff62b54037f6023cf7dd2f3a13bdf8dc0
SHA256

b7d6bbea4d724328b0c93d6deda1f0a4e3f98b106b24b39093e72f17a0d3be7a
SHA512

5eec16ea9603a95000b3d3660d6e53536d9c038ceea35063e658b60f5cca3b96454f684fc8d319d263f9aaf276b6e49217c58fa85e39b1598a85caf6597d5326
SSDEEP

3072:wm6JEErYP+++NsOZHvOodvh7B3wd/RNHTcj9iZc:wm6JV+AL

Score

10^/10

socgholish google discovery downloader phishing

Malware Config

Targets

- Target
  
  e49d15cdbb15c76693ab6f51bd66705b_JaffaCakes118
- Size
  
  118KB
- MD5
  
  e49d15cdbb15c76693ab6f51bd66705b
- SHA1
  
  5b7feceff62b54037f6023cf7dd2f3a13bdf8dc0
- SHA256
  
  b7d6bbea4d724328b0c93d6deda1f0a4e3f98b106b24b39093e72f17a0d3be7a
- SHA512
  
  5eec16ea9603a95000b3d3660d6e53536d9c038ceea35063e658b60f5cca3b96454f684fc8d319d263f9aaf276b6e49217c58fa85e39b1598a85caf6597d5326
- SSDEEP
  
  3072:wm6JEErYP+++NsOZHvOodvh7B3wd/RNHTcj9iZc:wm6JV+AL
Score

10^/10

socgholish google discovery downloader phishing
- Detected google phishing page
  phishing google
- SocGholish
  SocGholish is a JavaScript payload that downloads other malware.
  downloader socgholish
- Socgholish family
  socgholish
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

socgholishgooglediscoverydownloaderphishing

behavioral2