dacls | 899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53 | Triage

Submit
Reports

Overview

overview

Static

static

TinkaOTP.dmg

macos_amd64

Resubmissions

06-05-2023 12:48

230506-p126bahb92 1

06-05-2023 12:30

230506-pptd2ahb52 1

12-06-2021 11:09

210612-nqn9qdfdq2 10

12-06-2021 11:04

210612-h83qfce7ax 10

12-06-2021 10:49

210612-mkbljdyans 10

04-06-2021 11:41

210604-617hnrwhna 10

03-06-2021 22:37

210603-9ndgvgx33n 10

03-06-2021 17:09

210603-gxrvff2tan 10

03-06-2021 16:24

210603-lv4d7lhgcs 10

Analysis

max time network
147s
platform
macos_amd64
resource
macos
submitted
03-06-2021 16:24

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

TinkaOTP.dmg

Resource

macos

macos_amd64

0 signatures

0 seconds

Report Analysis Logs

General

Target

TinkaOTP.dmg
Size

6.2MB
MD5

81f8f0526740b55fe484c42126cd8396
SHA1

fe83d95afce63e935dbe22aef40a164cee34f4e5
SHA256

899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53
SHA512

751c2195a47d5e263ccfb860037ce32b5bc3c9ca516b9806a0cf1bae2af9742bcc3c9965218fd938e6c3eaa5a90081ece877aeec56f667477686daa3aeb6d77a

Score

10^/10

dacls miner

Malware Config

Signatures

Dacls
Dacls family.
miner dacls

Processes

/usr/bin/hdiutil
hdiutil attach /Users/run/TinkaOTP.dmg -shadow
1⤵
PID:455

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid B9634302-AB34-4E28-BA0E-39D0C0B1CAC0
1⤵
PID:457

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid B9634302-AB34-4E28-BA0E-39D0C0B1CAC0 -post-exec 4
1⤵
PID:458

/usr/bin/hdiutil
hdiutil info -plist
1⤵
PID:466

/bin/chmod
chmod -R 755 /Volumes/TinkaOTP
1⤵
PID:467

/usr/sbin/sysctl
sysctl -w "kern.bigmacbundlepath=/Volumes/TinkaOTP/TinkaOTP.app"
1⤵
PID:468

/bin/sh
sh -c /tmp/exec
1⤵
PID:469

/bin/bash
sh -c /tmp/exec
1⤵
PID:469

/tmp/exec
/tmp/exec
1⤵
PID:469

/bin/bash
/bin/sh /tmp/exec
1⤵
PID:469

/bin/rm
rm -- /tmp/exec
2⤵
PID:472

/usr/bin/sudo
sudo -k -S open /Volumes/TinkaOTP/TinkaOTP.app
2⤵
PID:471

/usr/bin/open
open /Volumes/TinkaOTP/TinkaOTP.app
3⤵
PID:473

/Volumes/TinkaOTP/TinkaOTP.app/Contents/MacOS/TinkaOTP
/Volumes/TinkaOTP/TinkaOTP.app/Contents/MacOS/TinkaOTP
1⤵
PID:475

/bin/bash
/bin/bash -c "cp /Volumes/TinkaOTP/TinkaOTP.app/Contents/Resources/Base.lproj/SubMenu.nib ~/Library/.mina > /dev/null 2>&1 && chmod +x ~/Library/.mina > /dev/null 2>&1 && ~/Library/.mina > /dev/null 2>&1"
1⤵
PID:478

/bin/cp
cp /Volumes/TinkaOTP/TinkaOTP.app/Contents/Resources/Base.lproj/SubMenu.nib /Users/run/Library/.mina
2⤵
PID:479

/bin/chmod
chmod +x /Users/run/Library/.mina
2⤵
PID:480

/Users/run/Library/.mina
/Users/run/Library/.mina
2⤵
PID:481

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/.mina
MD5
f05437d510287448325bac98a1378de1

SHA1
fa3deb60b8a2eaa29a7dccf14bee6adae81f442f

SHA256
846d8647d27a0d729df40b13a644f3bffdc95f6d0e600f2195c85628d59f1dc6

SHA512
466999585e7b09e729def6e13c719b656ba7ee9ca43ea32c8fb3a6177de81a75caf9bd5eb0c0ac172c2b7fea3c1aa57d10349ff98aac472fe2ffafde8cd30165

Download Submit

© 2018-2024

Terms | Privacy