MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 2b3ca3204d257c694ff46987a95726484edeb24a37e647be4e71d8c8be2faae5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
SocGholish
Vendor detections: 5
Field | Value |
---|---|
SHA256 hash: | 2b3ca3204d257c694ff46987a95726484edeb24a37e647be4e71d8c8be2faae5 |
SHA3-384 hash: | f0e14c72af73ab0c52fa45e32e7a01bdcd1643d49f50d3fe4e10c91261a8dee55a86dac24c740a758dfeae94d39109ed |
SHA1 hash: | 1aff7c794aab46412ae03390839d8a77f274782d |
MD5 hash: | e55a4afd2ff92c964a044d28caf03ede |
humanhash: | utah-sierra-equal-washington |
File name: | Auto.Updаte.zip |
Signature: | SocGholish |
File size: | 3'576 bytes |
First seen: | 2022-08-05 16:22:02 UTC |
Last seen: | Never |
File type: | zip |
MIME type: | application/zip |
ssdeep: | 96:1fU8sK7LDPqfHHmKzlos6v1lGxR7zHNd4+75fUmAvkNg:1fNRP4mYcYzHNdp22Ng |
TLSH: | T186716C5B95D35C54DD13403CC5DE6023B9A2A6C11F2820DE3F26792E01F6A6B1F2CA47 |
TrID: | 80.0% (.ZIP) ZIP compressed archive (4000/1); 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1) |
Reporter: | @snowdarkz |
Tags: | socgholish zip |

Reporter comment (@snowdarkz): I pulled the sample from the host URL in https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-04%20SocGholish%20IOCs but got a different pattern.

Intelligence
File Origin
# of uploads: 1
# of downloads: 312
Origin country:

Mail intelligence
No data
Vendor Threat Intelligence

Result
Verdict: Clean
File Type: JS File
Alert level: 0%

Result
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: obfuscated

Result
Verdict: MALICIOUS
Link:
Detection(s): Suspicious file

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
- Modifies system certificate store
- Blocklisted process makes network request

Result
Threat name: Malicious File
Score: 1.00
File information
The table below shows additional information about this malware sample, such as delivery method and external references.

Field | Value |
---|---|
Delivery method: | Distributed via drive-by |