Overview

overview

10

Static

static

10

ef957be85e...7ee1f1

macos_amd64

1

Analysis

  • max time kernel
    144s
  • max time network
    116s
  • platform
    macos_amd64
  • resource
    macos
  • submitted
    22/01/2022, 00:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ef957be85e59a929cb8344fef3cd0d0ab442c7eafbf4037b19d8d555027ee1f1

  • Size

    83KB

  • MD5

    0e28baa55e242938d6b4776f31a92804

  • SHA1

    92de9872f68d6e52d4a2bd19df08fc5219726ce9

  • SHA256

    ef957be85e59a929cb8344fef3cd0d0ab442c7eafbf4037b19d8d555027ee1f1

  • SHA512

    5d970fd03266652a91d34ef0c09a59effcf43a6f35060bac95eb00da5c85f4eaa1173e46aaf61eb055169b18a43f79be22d8ddeccd1af1111ff8f7e36fb0e2a5

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --test-devid-status
    1⤵
      PID:600
    • /bin/sh
      sh -c "sudo /bin/zsh -c \"/Users/run/ef957be85e59a929cb8344fef3cd0d0ab442c7eafbf4037b19d8d555027ee1f1\""
      1⤵
        PID:601
      • /bin/bash
        sh -c "sudo /bin/zsh -c \"/Users/run/ef957be85e59a929cb8344fef3cd0d0ab442c7eafbf4037b19d8d555027ee1f1\""
        1⤵
          PID:601
        • /bin/bash
          sh -c "sudo /bin/zsh -c \"/Users/run/ef957be85e59a929cb8344fef3cd0d0ab442c7eafbf4037b19d8d555027ee1f1\""
          1⤵
            PID:601
          • /usr/bin/sudo
            sudo /bin/zsh -c /Users/run/ef957be85e59a929cb8344fef3cd0d0ab442c7eafbf4037b19d8d555027ee1f1
            1⤵
              PID:601
            • /usr/bin/sudo
              sudo /bin/zsh -c /Users/run/ef957be85e59a929cb8344fef3cd0d0ab442c7eafbf4037b19d8d555027ee1f1
              1⤵
                PID:601
                • /bin/zsh
                  /bin/zsh -c /Users/run/ef957be85e59a929cb8344fef3cd0d0ab442c7eafbf4037b19d8d555027ee1f1
                  2⤵
                    PID:604
                  • /bin/zsh
                    /bin/zsh -c /Users/run/ef957be85e59a929cb8344fef3cd0d0ab442c7eafbf4037b19d8d555027ee1f1
                    2⤵
                      PID:604
                    • /Users/run/ef957be85e59a929cb8344fef3cd0d0ab442c7eafbf4037b19d8d555027ee1f1
                      /Users/run/ef957be85e59a929cb8344fef3cd0d0ab442c7eafbf4037b19d8d555027ee1f1
                      2⤵
                        PID:604
                      • /Users/run/ef957be85e59a929cb8344fef3cd0d0ab442c7eafbf4037b19d8d555027ee1f1
                        /Users/run/ef957be85e59a929cb8344fef3cd0d0ab442c7eafbf4037b19d8d555027ee1f1
                        2⤵
                          PID:604
                      • /usr/bin/syslog
                        /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
                        1⤵
                          PID:602
                        • /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
                          "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" "-Djdk.disableLastUsageTracking=true" "-Djava.awt.headless=true " -cp "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy.jar" com.sun.deploy.panel.ControlPanel -getSecurityLevel
                          1⤵
                            PID:619
                          • /usr/libexec/xpcproxy
                            xpcproxy com.apple.spindump
                            1⤵
                              PID:649
                            • /usr/sbin/spindump
                              /usr/sbin/spindump
                              1⤵
                                PID:649

                              Network

                              MITRE ATT&CK Matrix

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads