← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ClearFake Malware Analysis | malware-analysis
WHITE cryptocti 2023-10-16 Modified: 2023-11-15
74
IOCs
HIGH VOLUME
Here’s a look at some of the Javascript injections being used in a fake update campaign for Google Chrome, known as SocGholish, which appears to be running from a compromised website.
binancewordpressclearfakewordpress siteblockchainetherhidingcodejavascript codearrayscriptredlineamadeymaskjunepossiblemaliciousjavascriptpayloadjulyanalysisrandy mceoinpublicwwwsocgholishchromefiddlerdownload
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
ClearFake Amadey
Indicators of Compromise (5 / 74 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 5225371f32a1ba8a5daa8f14ce64e8bf MD5 of 1743f4a392b6d2ad0d47a7a57e277e1a29ecf459275b604919a6131739afdaad 2023-10-16
FileHash-MD5 a3fec32282873b302adaeef78c085aee MD5 of 8ba53b5d773bc157df65fb0941c24e1edbc7c7b47e37b3f7a01751fc3b1a701a 2023-10-16
FileHash-MD5 a655b9c347ce862da682883508be4880 MD5 of 3d77b34ba6dbb49d594e2be590a87f682e1875d2565ff18bdeafc66c9d5594ea 2023-10-16
FileHash-MD5 f1c9c05e648e58b6bef8dada7654a88e MD5 of 1a99ac759fcd881729b76c2904476b4201e794df2d0547c954ea37be7c153131 2023-10-16
FileHash-MD5 bf323fcc78558f702aa91668e1f2996b 2023-10-16
References (2)
↗ https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16 ↗ https://rmceoin.github.io/malware-analysis/clearfake/