MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bffd655d23490973053c7bc21e20162d550c596c340c6a6c45986ce7c6be702a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SocGholish


Vendor detections: 6



SHA256 hash: bffd655d23490973053c7bc21e20162d550c596c340c6a6c45986ce7c6be702a
SHA3-384 hash: 21477f458e2f6096875bb0ebdfcbfd10ff2223ed37d589494d4e4ea50f1a10509888260bdc14e6f49c54b25524765fc8
SHA1 hash: 72e0652e2caf86fd0de94f79bc8260c99a9a5c92
MD5 hash: 9414a08ed37e69214cabbfa26238e6bb
humanhash: jig-maryland-gee-lactose
File name: Version.105.6177.81.js
Signature: SocGholish
File size: 24'989 bytes
First seen: 2022-12-12 16:38:38 UTC
Last seen: Never
File type: JavaScript (JS) js
MIME type: text/plain
ssdeep: 768:Ci/b9WNROI/IExc5EWTB9fRNCOu1nPO1+c:dbo3Il+Wcnq
TLSH: T1E7B2A2C83AD2F099536321BA447F1497F23E6E62B4AC9A00D225E4E87C70A1DD577E3C
Reporter: abuse_ch
Tags: js socgholish

Intelligence


File Origin
# of uploads: 1
# of downloads: 248
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Potential obfuscated javascript found
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies system certificate store
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: SUSP_obfuscated_JS_obfuscatorio
Author: @imp0rtp3
Description: Detect JS obfuscation done by the js obfuscator (often malicious)
Reference: https://obfuscator.io

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments