5a4bb5c9ae341ec00ab562803c22921c6cca2a5d3556ab4b63f886a9729476d9

General

Target

bfe
Size

173KB
MD5

6b4f59b5cbab5a4f00286d18c017f9d2
SHA1

a87d616ea0f5ffa922f4ba6c545fdcddf8095105
SHA256

091daca999d6fa880398bba5b154a85dc9269d8d6c0dfcfa190a718e44c3ffa8
SHA512

af27968b614d20bbc1e2761bab3a5fc6c604ca2bc27a2245207f910a05aa73077df5a97aa4b2608068eac3ff7991b8d51676c77a820ca4141a65900508b3c0e4

Score

8^/10

Malware Config

Signatures

Identifies hardware specifics through system_profiler 1 IoCs

Processes:

ioc	process
/bin/sh -c "readonly VM_LIST=\"VirtualBox\\\|Oracle\\\|VMware\\\|Parallels\\\|qemu\";is_hwmodel_vm(){ ! sysctl -n hw.model\|grep \"Mac\">/dev/null;};is_ram_vm(){((\$((\$(sysctl -n hw.memsize)/ 1073741824))<4));};is_ped_vm(){ local -r ped=\$(ioreg -rd1 -c IOPlatformExpertDevice);echo \"\${ped}\"\|grep -e \"board-id\" -e \"product-name\" -e \"model\"\|grep -qi \"\${VM_LIST}\"\|\|echo \"\${ped}\"\|grep \"manufacturer\"\|grep -v \"Apple\">/dev/null;};is_vendor_name_vm(){ ioreg -l\|grep -e \"Manufacturer\" -e \"Vendor Name\"\|grep -qi \"\${VM_LIST}\";};is_hw_data_vm(){ system_profiler SPHardwareDataType 2>&1 /dev/null\|grep -e \"Model Identifier\"\|grep -qi \"\${VM_LIST}\";};is_vm(){ is_hwmodel_vm\|\|is_ram_vm\|\|is_ped_vm\|\|is_vendor_name_vm\|\|is_hw_data_vm;};main(){ is_vm&&echo 1\|\|echo 0;};main \"\${@}\""

ioc

process

/bin/sh -c "readonly VM_LIST=\"VirtualBox\\|Oracle\\|VMware\\|Parallels\\|qemu\";is_hwmodel_vm(){ ! sysctl -n hw.model|grep \"Mac\">/dev/null;};is_ram_vm(){((\$((\$(sysctl -n hw.memsize)/ 1073741824))<4));};is_ped_vm(){ local -r ped=\$(ioreg -rd1 -c IOPlatformExpertDevice);echo \"\${ped}\"|grep -e \"board-id\" -e \"product-name\" -e \"model\"|grep -qi \"\${VM_LIST}\"||echo \"\${ped}\"|grep \"manufacturer\"|grep -v \"Apple\">/dev/null;};is_vendor_name_vm(){ ioreg -l|grep -e \"Manufacturer\" -e \"Vendor Name\"|grep -qi \"\${VM_LIST}\";};is_hw_data_vm(){ system_profiler SPHardwareDataType 2>&1 /dev/null|grep -e \"Model Identifier\"|grep -qi \"\${VM_LIST}\";};is_vm(){ is_hwmodel_vm||is_ram_vm||is_ped_vm||is_vendor_name_vm||is_hw_data_vm;};main(){ is_vm&&echo 1||echo 0;};main \"\${@}\""

/bin/sh
sh -c "sudo /Users/run/bfe"
1⤵
PID:502

/bin/bash
sh -c "sudo /Users/run/bfe"
1⤵
PID:502

/usr/bin/sudo
sudo /Users/run/bfe
1⤵
PID:502

/Users/run/bfe
/Users/run/bfe
2⤵
PID:513

/bin/sh
/bin/sh -c "readonly VM_LIST=\"VirtualBox\\|Oracle\\|VMware\\|Parallels\\|qemu\";is_hwmodel_vm(){ ! sysctl -n hw.model|grep \"Mac\">/dev/null;};is_ram_vm(){((\$((\$(sysctl -n hw.memsize)/ 1073741824))<4));};is_ped_vm(){ local -r ped=\$(ioreg -rd1 -c IOPlatformExpertDevice);echo \"\${ped}\"|grep -e \"board-id\" -e \"product-name\" -e \"model\"|grep -qi \"\${VM_LIST}\"||echo \"\${ped}\"|grep \"manufacturer\"|grep -v \"Apple\">/dev/null;};is_vendor_name_vm(){ ioreg -l|grep -e \"Manufacturer\" -e \"Vendor Name\"|grep -qi \"\${VM_LIST}\";};is_hw_data_vm(){ system_profiler SPHardwareDataType 2>&1 /dev/null|grep -e \"Model Identifier\"|grep -qi \"\${VM_LIST}\";};is_vm(){ is_hwmodel_vm||is_ram_vm||is_ped_vm||is_vendor_name_vm||is_hw_data_vm;};main(){ is_vm&&echo 1||echo 0;};main \"\${@}\""
1⤵
PID:514

/bin/bash
/bin/sh -c "readonly VM_LIST=\"VirtualBox\\|Oracle\\|VMware\\|Parallels\\|qemu\";is_hwmodel_vm(){ ! sysctl -n hw.model|grep \"Mac\">/dev/null;};is_ram_vm(){((\$((\$(sysctl -n hw.memsize)/ 1073741824))<4));};is_ped_vm(){ local -r ped=\$(ioreg -rd1 -c IOPlatformExpertDevice);echo \"\${ped}\"|grep -e \"board-id\" -e \"product-name\" -e \"model\"|grep -qi \"\${VM_LIST}\"||echo \"\${ped}\"|grep \"manufacturer\"|grep -v \"Apple\">/dev/null;};is_vendor_name_vm(){ ioreg -l|grep -e \"Manufacturer\" -e \"Vendor Name\"|grep -qi \"\${VM_LIST}\";};is_hw_data_vm(){ system_profiler SPHardwareDataType 2>&1 /dev/null|grep -e \"Model Identifier\"|grep -qi \"\${VM_LIST}\";};is_vm(){ is_hwmodel_vm||is_ram_vm||is_ped_vm||is_vendor_name_vm||is_hw_data_vm;};main(){ is_vm&&echo 1||echo 0;};main \"\${@}\""
1⤵
PID:514

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads