MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a59ac7ae76abb86ab2e035adbe5253247a2aad9b1ce9f59b3145333e34c26f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Socgolish
Vendor detections: 4

SHA256 hash: 4a59ac7ae76abb86ab2e035adbe5253247a2aad9b1ce9f59b3145333e34c26f7
SHA3-384 hash: b8f08db701260f825ebfa072e5208d334c4db36b5eb094b0e4018804d9db05002f014b9efb411e8050a65324072e8075
SHA1 hash: 48e49867904d83b35361d6c5f809d16bc251f334
MD5 hash: dad848c52d27ed20002825df023c4d7c
humanhash: lake-william-dakota-river
File name: 15.ico
Signature: Socgolish
File size: 2'972'496 bytes
First seen: 2022-08-15 13:26:39 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 24576:1L9O8PanOxlKU3UIMgBBAR1rJullSsSA2l0J7NvfIVNf9Nkxup4AE1Y600oZWE+c:rPaOMgkJEIsKKIAma00R2GSOK3CCz5df
TLSH: T149D533628FAFAD7D43ACC23C50479D1947918FD9086CD1EA27E1B5D7005BB831A6B93C
Reporter: x3ph1
Tags: js socgolish

Intelligence


File Origin
# of uploads: 1
# of downloads: 219
Origin country: n/a
Vendor Threat Intelligence

Vendor result 1
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: powershell

Vendor result 2
Verdict: UNKNOWN

Vendor result 3
Threat name: Unknown
Detection: unknown
Classification: n/a
Score: 0 / 100

Vendor result 4
Malware family: netsupport
Score: 10/10
Tags: family:netsupport persistence rat
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of FindShellTrayWindow
  Suspicious use of WriteProcessMemory
  Adds Run key to start application
  Loads dropped DLL
  Executes dropped EXE
  NetSupport
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Socgolish
File type: Java Script (JS) js
SHA256 hash: 4a59ac7ae76abb86ab2e035adbe5253247a2aad9b1ce9f59b3145333e34c26f7 (this sample)

Delivery method
Distributed via web download
