MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 376180cf80a62085441a0b2a19e9b0fb2abdf3e1020955cfc4bd549e4bcc6726. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SocGholish


Vendor detections: 5



SHA256 hash: 376180cf80a62085441a0b2a19e9b0fb2abdf3e1020955cfc4bd549e4bcc6726
SHA3-384 hash: 7ea7f0e219cbf317e338742ca60ed45f34a35c99377e86badd5c5ca72737662141931f0418b86d22aa5ddcdab8987a67
SHA1 hash: 6fec191fc99d6d4bf85ece108d0cdb191d2a9fcf
MD5 hash: c249583badbaef9a09e430a433a35914
humanhash: nevada-shade-berlin-lake
File name: AutoUpdater.js
Signature: SocGholish
File size: 8'508 bytes
First seen: 2022-08-05 18:01:51 UTC
Last seen: Never
File type: JavaScript (JS)
MIME type: text/plain
ssdeep: 96:HtmNoqutXY7vRcbWdtBu+TZmfNLXMRMgRXftIkwZQQsvo2imAJPfrtvK6IeO61RG:Np92Dg+GUhOQ6VJ3rtvKSv14ySsJrEQM
TLSH: T174027496A7E06CC01297AFF3131665D6F4259C9E3790040EF541BBB4FE91D11EB96E30
Reporter: @ankit_anubhav
Tags: js socgholish

Intelligence


File Origin
# of uploads: 1
# of downloads: 346
Origin country: TH
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: UNKNOWN

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signature:
  JavaScript source code contains functionality to generate code involving HTTP requests or file downloads
  System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
  Modifies system certificate store
  Blocklisted process makes network request

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:WHITE rules are displayed.

Rule name: SUSP_obfuscated_JS_obfuscatorio
Author: @imp0rtp3
Description: Detect JS obfuscation done by the js obfuscator (often malicious)
Reference: https://obfuscator.io

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments