Resubmissions

08-11-2021 08:45

211108-knqjjabfa3 1

08-11-2021 08:40

211108-kk3dxsbeh8 1

Analysis

  • max time network
    104s
  • platform
    macos_amd64
  • resource
    macos
  • submitted
    08-11-2021 08:40

General

  • Target

    RecentNews.?fdp.app/Contents/Resources/Libsc/runner.sh

  • Size

    116B

  • MD5

    b72d06251bb316f8ee74487008ea7fb0

  • SHA1

    c06ae91334fa61765aee49e22af930a153f45347

  • SHA256

    15fab5df0239d19678d3766a3455e004c5c198bb917e2bbffdde8853577a803c

  • SHA512

    a28e47481529c2297b9d31c2193fa8c65582fd592eb335388452958a5957c90363d9bb18f0d0a0e274362bbb8a856bdca6127d050b50e7fd13c8f55d42c53791

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /Users/run/RecentNews.?fdp.app/Contents/Resources/Libsc/runner.sh"
    1⤵
      PID:479
    • /bin/bash
      sh -c "sudo /Users/run/RecentNews.?fdp.app/Contents/Resources/Libsc/runner.sh"
      1⤵
        PID:479
      • /usr/bin/sudo
        sudo "/Users/run/RecentNews.?fdp.app/Contents/Resources/Libsc/runner.sh"
        1⤵
          PID:479
          • /Users/run/RecentNews.?fdp.app/Contents/Resources/Libsc/runner.sh
            "/Users/run/RecentNews.?fdp.app/Contents/Resources/Libsc/runner.sh"
            2⤵
              PID:482
            • /bin/bash
              /bin/sh "/Users/run/RecentNews.?fdp.app/Contents/Resources/Libsc/runner.sh"
              2⤵
                PID:482
                • /usr/bin/python
                  python /Users/run/.t/runner.pyc
                  3⤵
                    PID:505
                  • /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python
                    /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python /Users/run/.t/runner.pyc
                    3⤵
                      PID:505
                • /bin/ps
                  ps ax
                  1⤵
                    PID:484
                  • /usr/bin/grep
                    grep starter.pyc
                    1⤵
                      PID:485
                    • /usr/bin/grep
                      grep -v grep
                      1⤵
                        PID:486
                      • /usr/bin/awk
                        awk "{print \$1}"
                        1⤵
                          PID:487

Network

MITRE ATT&CK Matrix

Downloads