Analysis

  • max time kernel
    119s
  • max time network
    137s
  • platform
    macos_amd64
  • resource
    macos
  • submitted
    21/01/2022, 21:28

General

  • Target
    d0febda3a3d2d68b0374c26784198dc4309dbe4a8978e44bb7584fd832c325f0
  • Size
    351KB
  • MD5
    85dbbaa8c4d37ebb9829464f0510787b
  • SHA1
    01d06375cf4042f4e36467078530c776a28cec05
  • SHA256
    d0febda3a3d2d68b0374c26784198dc4309dbe4a8978e44bb7584fd832c325f0
  • SHA512
    8bd3db552e1634b58a505646bc601fe05fa801f51ec3dbb5e892fc2aa0019de778ee310b2199967532a5e4b4b5dd6c8540605f075131400e24e5d6ac38ad81bc

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --test-devid-status
    PID: 611
  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/d0febda3a3d2d68b0374c26784198dc4309dbe4a8978e44bb7584fd832c325f0\""
    PID: 613
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/d0febda3a3d2d68b0374c26784198dc4309dbe4a8978e44bb7584fd832c325f0\""
    PID: 613
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/d0febda3a3d2d68b0374c26784198dc4309dbe4a8978e44bb7584fd832c325f0
    PID: 613
    • /bin/zsh
      /bin/zsh -c /Users/run/d0febda3a3d2d68b0374c26784198dc4309dbe4a8978e44bb7584fd832c325f0
      PID: 614
    • /Users/run/d0febda3a3d2d68b0374c26784198dc4309dbe4a8978e44bb7584fd832c325f0
      /Users/run/d0febda3a3d2d68b0374c26784198dc4309dbe4a8978e44bb7584fd832c325f0
      PID: 614
  • /usr/bin/syslog
    /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
    PID: 612
  • /bin/sh
    sh -c whoami
    PID: 615
  • /bin/bash
    sh -c whoami
    PID: 615
  • /usr/bin/whoami
    whoami
    PID: 615
  • /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
    "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" "-Djdk.disableLastUsageTracking=true" "-Djava.awt.headless=true " -cp "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy.jar" com.sun.deploy.panel.ControlPanel -getSecurityLevel
    PID: 617
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.sysmond
    PID: 641
  • /usr/libexec/sysmond
    /usr/libexec/sysmond
    PID: 641
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.newsyslog
    PID: 653
  • /usr/sbin/newsyslog
    /usr/sbin/newsyslog
    PID: 653

Network

MITRE ATT&CK Matrix
