dacls | 899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53 | Triage

Submit
Reports

Overview

overview

Static

static

TinkaOTP.dmg

macos_amd64

Analysis

max time network
153s
platform
macos_amd64
resource
macos
submitted
03/06/2021, 16:07

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

TinkaOTP.dmg

Resource

macos

macos_amd64

0 signatures

0 seconds

Report Analysis Logs

General

Target

TinkaOTP.dmg
Size

6.2MB
MD5

81f8f0526740b55fe484c42126cd8396
SHA1

fe83d95afce63e935dbe22aef40a164cee34f4e5
SHA256

899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53
SHA512

751c2195a47d5e263ccfb860037ce32b5bc3c9ca516b9806a0cf1bae2af9742bcc3c9965218fd938e6c3eaa5a90081ece877aeec56f667477686daa3aeb6d77a

Score

10^/10

dacls miner

Malware Config

Signatures

Dacls
Dacls family.
miner dacls

Processes

/usr/bin/hdiutil
hdiutil attach /Users/run/TinkaOTP.dmg -shadow
1⤵
PID:455

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 71899B10-BADD-4E29-AAF7-848414C3E10A
1⤵
PID:457

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 71899B10-BADD-4E29-AAF7-848414C3E10A -post-exec 4
1⤵
PID:458

/usr/bin/hdiutil
hdiutil info -plist
1⤵
PID:466

/bin/chmod
chmod -R 755 /Volumes/TinkaOTP
1⤵
PID:467

/usr/sbin/sysctl
sysctl -w "kern.bigmacbundlepath=/Volumes/TinkaOTP/TinkaOTP.app"
1⤵
PID:468

/bin/sh
sh -c /tmp/exec
1⤵
PID:469

/bin/bash
sh -c /tmp/exec
1⤵
PID:469

/tmp/exec
/tmp/exec
1⤵
PID:469

/bin/bash
/bin/sh /tmp/exec
1⤵
PID:469
- /bin/rm
  rm -- /tmp/exec
  2⤵
  PID:472
- /usr/bin/sudo
  sudo -k -S open /Volumes/TinkaOTP/TinkaOTP.app
  2⤵
  PID:471
- - /usr/bin/open
    open /Volumes/TinkaOTP/TinkaOTP.app
    3⤵
    PID:473

/Volumes/TinkaOTP/TinkaOTP.app/Contents/MacOS/TinkaOTP
/Volumes/TinkaOTP/TinkaOTP.app/Contents/MacOS/TinkaOTP
1⤵
PID:474

/bin/bash
/bin/bash -c "cp /Volumes/TinkaOTP/TinkaOTP.app/Contents/Resources/Base.lproj/SubMenu.nib ~/Library/.mina > /dev/null 2>&1 && chmod +x ~/Library/.mina > /dev/null 2>&1 && ~/Library/.mina > /dev/null 2>&1"
1⤵
PID:477
- /bin/cp
  cp /Volumes/TinkaOTP/TinkaOTP.app/Contents/Resources/Base.lproj/SubMenu.nib /Users/run/Library/.mina
  2⤵
  PID:478
- /bin/chmod
  chmod +x /Users/run/Library/.mina
  2⤵
  PID:479
- /Users/run/Library/.mina
  /Users/run/Library/.mina
  2⤵
  PID:480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy