gravityrat | 70454f1794ee4626a9d70f58aa570bca14da1c40432a2dd1bec5f51b0efcc13f | Triage

Submit
Reports

Overview

overview

Static

static

GravityRAT.macho

macos_amd64

Analysis

max time network
152s
platform
macos_amd64
resource
macos
submitted
24-06-2021 12:53

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

GravityRAT.macho

Resource

macos

gravityrat backdoor

macos_amd64

0 signatures

0 seconds

Report Analysis Logs

General

Target

GravityRAT.macho
Size

16.4MB
MD5

296c1e8f4d8c997ca410a5d9b33e62ca
SHA1

086b22075d464b327a2bcbf8b66736560a215347
SHA256

70454f1794ee4626a9d70f58aa570bca14da1c40432a2dd1bec5f51b0efcc13f
SHA512

e779f1d48f90eea1400b97ddb14364129abcd4881d84ccc807f0c8585263bd57e0b102456d3ee6d68adbea6221cc0956baabc851bd649ca35d06861f89a1f2fe

Score

10^/10

gravityrat backdoor

Malware Config

Signatures

GravityRAT
GravityRAT family.
backdoor gravityrat

Processes

/bin/sh
sh -c "sudo /Users/run/GravityRAT.macho"
1⤵
PID:482

/bin/bash
sh -c "sudo /Users/run/GravityRAT.macho"
1⤵
PID:482

/usr/bin/sudo
sudo /Users/run/GravityRAT.macho
1⤵
PID:482
- /Users/run/GravityRAT.macho
  /Users/run/GravityRAT.macho
  2⤵
  PID:488
- - /Users/run/GravityRAT.macho
    /Users/run/GravityRAT.macho
    3⤵
    PID:492

/bin/sh
sh -c "uname -p 2> /dev/null"
1⤵
PID:494

/bin/bash
sh -c "uname -p 2> /dev/null"
1⤵
PID:494
- /usr/bin/uname
  uname -p
  2⤵
  PID:495

/bin/sh
sh -c "ioreg -c IOPlatformExpertDevice -d 2 | awk -F\\\" '/product-name/{print \$(NF-1)}'"
1⤵
PID:496

/bin/bash
sh -c "ioreg -c IOPlatformExpertDevice -d 2 | awk -F\\\" '/product-name/{print \$(NF-1)}'"
1⤵
PID:496
- /usr/sbin/ioreg
  ioreg -c IOPlatformExpertDevice -d 2
  2⤵
  PID:497
- /usr/bin/awk
  awk "-F\"" "/product-name/{print \$(NF-1)}"
  2⤵
  PID:498

/bin/sh
sh -c "ioreg -c IOPlatformExpertDevice -d 2 | awk -F\\\" '/board-id/{print \$(NF-1)}'"
1⤵
PID:499

/bin/bash
sh -c "ioreg -c IOPlatformExpertDevice -d 2 | awk -F\\\" '/board-id/{print \$(NF-1)}'"
1⤵
PID:499
- /usr/sbin/ioreg
  ioreg -c IOPlatformExpertDevice -d 2
  2⤵
  PID:500
- /usr/bin/awk
  awk "-F\"" "/board-id/{print \$(NF-1)}"
  2⤵
  PID:501

/bin/sh
sh -c "ioreg -c IOPlatformExpertDevice -d 2 | awk -F\\\" '/manufacturer/{print \$(NF-1)}'"
1⤵
PID:502

/bin/bash
sh -c "ioreg -c IOPlatformExpertDevice -d 2 | awk -F\\\" '/manufacturer/{print \$(NF-1)}'"
1⤵
PID:502
- /usr/bin/awk
  awk "-F\"" "/manufacturer/{print \$(NF-1)}"
  2⤵
  PID:504
- /usr/sbin/ioreg
  ioreg -c IOPlatformExpertDevice -d 2
  2⤵
  PID:503

/bin/sh
sh -c "ioreg -c IOPlatformExpertDevice -d 2 | awk -F\\\" '/model/{print \$(NF-1)}'"
1⤵
PID:505

/bin/bash
sh -c "ioreg -c IOPlatformExpertDevice -d 2 | awk -F\\\" '/model/{print \$(NF-1)}'"
1⤵
PID:505
- /usr/sbin/ioreg
  ioreg -c IOPlatformExpertDevice -d 2
  2⤵
  PID:506
- /usr/bin/awk
  awk "-F\"" "/model/{print \$(NF-1)}"
  2⤵
  PID:507

/bin/sh
sh -c "ls ~/Library/Safari"
1⤵
PID:508

/bin/bash
sh -c "ls ~/Library/Safari"
1⤵
PID:508

/bin/ls
ls /Users/run/Library/Safari
1⤵
PID:508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/private/var/enigma/tidb.sqlite3-journal

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

© 2018-2024

Terms | Privacy