socgholish | c89dc6a8b14b3a5c2f1884c9821d6ee40f94248275ba6394c4b4cebe98290d94 | Triage

Sharing

General

Target

JaffaCakes118_e0e896089036a71cafffbb8ea0d8c6d7
Size

123KB
Sample

250211-ax3kcasrfl
MD5

e0e896089036a71cafffbb8ea0d8c6d7
SHA1

339e435bed611045f64d04191abfbe1b5c57f74b
SHA256

c89dc6a8b14b3a5c2f1884c9821d6ee40f94248275ba6394c4b4cebe98290d94
SHA512

2e8687c829cd260576acea456737d75d8c3d46543f5228f2b0242fa3a91a33a7261dfe3e8654d373cf1c201d5670f79d6b1b556f3572eda812ffa634d7a14523
SSDEEP

3072:JG9cUwc1oBNRwsHd6lt5V/znccYaayevYblTUQtw9Z:JGcUwc1obdU5V/znccbanwblTAZ

Score

10^/10

socgholish discovery downloader phishing

Malware Config

Targets

- Target
  
  JaffaCakes118_e0e896089036a71cafffbb8ea0d8c6d7
- Size
  
  123KB
- MD5
  
  e0e896089036a71cafffbb8ea0d8c6d7
- SHA1
  
  339e435bed611045f64d04191abfbe1b5c57f74b
- SHA256
  
  c89dc6a8b14b3a5c2f1884c9821d6ee40f94248275ba6394c4b4cebe98290d94
- SHA512
  
  2e8687c829cd260576acea456737d75d8c3d46543f5228f2b0242fa3a91a33a7261dfe3e8654d373cf1c201d5670f79d6b1b556f3572eda812ffa634d7a14523
- SSDEEP
  
  3072:JG9cUwc1oBNRwsHd6lt5V/znccYaayevYblTUQtw9Z:JGcUwc1obdU5V/znccbanwblTAZ
Score

10^/10

socgholish discovery downloader
- SocGholish
  SocGholish is a JavaScript payload that downloads other malware.
  downloader socgholish
- Socgholish family
  socgholish
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

socgholishdiscoverydownloader

behavioral2