MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b3ca3204d257c694ff46987a95726484edeb24a37e647be4e71d8c8be2faae5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: SocGholish
Vendor detections: 5



SHA256 hash: 2b3ca3204d257c694ff46987a95726484edeb24a37e647be4e71d8c8be2faae5
SHA3-384 hash: f0e14c72af73ab0c52fa45e32e7a01bdcd1643d49f50d3fe4e10c91261a8dee55a86dac24c740a758dfeae94d39109ed
SHA1 hash: 1aff7c794aab46412ae03390839d8a77f274782d
MD5 hash: e55a4afd2ff92c964a044d28caf03ede
humanhash: utah-sierra-equal-washington
File name: Auto.Updаte.zip
Signature: SocGholish
File size: 3'576 bytes
First seen: 2022-08-05 16:22:02 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 96:1fU8sK7LDPqfHHmKzlos6v1lGxR7zHNd4+75fUmAvkNg:1fNRP4mYcYzHNdp22Ng
TLSH: T186716C5B95D35C54DD13403CC5DE6023B9A2A6C11F2820DE3F26792E01F6A6B1F2CA47
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: @snowdarkz
Tags: socgholish zip


Twitter comment from @snowdarkz:
I pulled the sample from the host URL in https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-04%20SocGholish%20IOCs but got a different pattern.

Intelligence

File Origin
# of uploads: 1
# of downloads: 312
Origin country: DE

Mail intelligence
No data

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: obfuscated

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Modifies system certificate store
Blocklisted process makes network request

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via drive-by

Comments