2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f

Resubmissions

12-04-2022 19:35

220412-yarfkaafg8 1

23-03-2022 19:14

220323-xxws5aada5 1

23-03-2022 19:11

220323-xwehfsehen 1

Analysis

max time kernel
103s
max time network
106s
platform
macos_amd64
resource
macos
submitted
23-03-2022 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr
Size

713KB
MD5

23699799f496b8e872d05f19d2b397f8
SHA1

fe3a3e65b86d2b07654f9a6104c8cb392c88b7e8
SHA256

2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f
SHA512

f347c47afe06ed7ef2a71b7e40ac0103f4f33e26250661173775b349bba7452ea458e5d4137a57b34801556959bca14093a9f693d59c147061f63f2b78614288

Score

1^/10

Malware Config

Signatures

/usr/sbin/spctl
/usr/sbin/spctl --status
1⤵
PID:600

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr\""
1⤵
PID:601

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr\""
1⤵
PID:601

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr\""
1⤵
PID:601

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr
1⤵
PID:601

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr
1⤵
PID:601
- /bin/zsh
  /bin/zsh -c /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr
  2⤵
  PID:605
- /bin/zsh
  /bin/zsh -c /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr
  2⤵
  PID:605
- /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr
  /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr
  2⤵
  PID:605
- /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr
  /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr
  2⤵
  PID:605

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:602

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:604

/bin/sh
sh -c "ps -ef |grep CorelDRAW |grep -v /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr |grep -v 'CorelDRAW\\s*Graphics\\s*Suite' |awk '{print \$2}' |xargs kill -9"
1⤵
PID:606

/bin/bash
sh -c "ps -ef |grep CorelDRAW |grep -v /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr |grep -v 'CorelDRAW\\s*Graphics\\s*Suite' |awk '{print \$2}' |xargs kill -9"
1⤵
PID:606

/bin/bash
sh -c "ps -ef |grep CorelDRAW |grep -v /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr |grep -v 'CorelDRAW\\s*Graphics\\s*Suite' |awk '{print \$2}' |xargs kill -9"
1⤵
PID:606
- /bin/ps
  ps -ef
  2⤵
  PID:607
- /bin/ps
  ps -ef
  2⤵
  PID:607
- /usr/bin/grep
  grep -v /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr
  2⤵
  PID:609
- /usr/bin/grep
  grep -v /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr
  2⤵
  PID:609
- /usr/bin/grep
  grep -v "CorelDRAW\\s*Graphics\\s*Suite"
  2⤵
  PID:610
- /usr/bin/grep
  grep -v "CorelDRAW\\s*Graphics\\s*Suite"
  2⤵
  PID:610
- /usr/bin/grep
  grep CorelDRAW
  2⤵
  PID:608
- /usr/bin/grep
  grep CorelDRAW
  2⤵
  PID:608
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:611
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:611
- /usr/bin/xargs
  xargs kill -9
  2⤵
  PID:612
- /usr/bin/xargs
  xargs kill -9
  2⤵
  PID:612

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" "-Djdk.disableLastUsageTracking=true" "-Djava.awt.headless=true " -cp "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy.jar" com.sun.deploy.panel.ControlPanel -getSecurityLevel
1⤵
PID:634

/usr/bin/kill
kill -9 608 610
1⤵
PID:636

/usr/bin/kill
kill -9 608 610
1⤵
PID:636

/bin/kill
kill -9 608 610
1⤵
PID:636

/bin/kill
kill -9 608 610
1⤵
PID:636

/bin/sh
sh -c "ps -ef |grep CorelDRAW |grep -v /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr |grep -v 'CorelDRAW\\s*Graphics\\s*Suite' |awk '{print \$2}' |xargs kill -9"
1⤵
PID:637

/bin/bash
sh -c "ps -ef |grep CorelDRAW |grep -v /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr |grep -v 'CorelDRAW\\s*Graphics\\s*Suite' |awk '{print \$2}' |xargs kill -9"
1⤵
PID:637

/bin/bash
sh -c "ps -ef |grep CorelDRAW |grep -v /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr |grep -v 'CorelDRAW\\s*Graphics\\s*Suite' |awk '{print \$2}' |xargs kill -9"
1⤵
PID:637
- /bin/ps
  ps -ef
  2⤵
  PID:638
- /bin/ps
  ps -ef
  2⤵
  PID:638
- /usr/bin/grep
  grep CorelDRAW
  2⤵
  PID:639
- /usr/bin/grep
  grep CorelDRAW
  2⤵
  PID:639
- /usr/bin/grep
  grep -v /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr
  2⤵
  PID:640
- /usr/bin/grep
  grep -v /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr
  2⤵
  PID:640
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:642
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:642
- /usr/bin/xargs
  xargs kill -9
  2⤵
  PID:643
- /usr/bin/xargs
  xargs kill -9
  2⤵
  PID:643
- /usr/bin/grep
  grep -v "CorelDRAW\\s*Graphics\\s*Suite"
  2⤵
  PID:641
- /usr/bin/grep
  grep -v "CorelDRAW\\s*Graphics\\s*Suite"
  2⤵
  PID:641

/usr/bin/kill
kill -9 639 641
1⤵
PID:644

/usr/bin/kill
kill -9 639 641
1⤵
PID:644

/bin/kill
kill -9 639 641
1⤵
PID:644

/bin/kill
kill -9 639 641
1⤵
PID:644

/bin/sh
sh -c "cp /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr /var/root/Library/Preferences/CorelDRAW/CorelDRAW"
1⤵
PID:645

/bin/bash
sh -c "cp /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr /var/root/Library/Preferences/CorelDRAW/CorelDRAW"
1⤵
PID:645

/bin/bash
sh -c "cp /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr /var/root/Library/Preferences/CorelDRAW/CorelDRAW"
1⤵
PID:645

/bin/cp
cp /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr /var/root/Library/Preferences/CorelDRAW/CorelDRAW
1⤵
PID:645

/bin/cp
cp /Users/run/2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f.mlwr /var/root/Library/Preferences/CorelDRAW/CorelDRAW
1⤵
PID:645

/bin/sh
sh -c "launchctl unload -w /Library/LaunchDaemons/com.CorelDRAW.va.plist"
1⤵
PID:646

/bin/bash
sh -c "launchctl unload -w /Library/LaunchDaemons/com.CorelDRAW.va.plist"
1⤵
PID:646

/bin/bash
sh -c "launchctl unload -w /Library/LaunchDaemons/com.CorelDRAW.va.plist"
1⤵
PID:646

/bin/launchctl
launchctl unload -w /Library/LaunchDaemons/com.CorelDRAW.va.plist
1⤵
PID:646

/bin/launchctl
launchctl unload -w /Library/LaunchDaemons/com.CorelDRAW.va.plist
1⤵
PID:646

/bin/sh
sh -c "launchctl load -w /Library/LaunchDaemons/com.CorelDRAW.va.plist"
1⤵
PID:647

/bin/bash
sh -c "launchctl load -w /Library/LaunchDaemons/com.CorelDRAW.va.plist"
1⤵
PID:647

/bin/bash
sh -c "launchctl load -w /Library/LaunchDaemons/com.CorelDRAW.va.plist"
1⤵
PID:647

/bin/launchctl
launchctl load -w /Library/LaunchDaemons/com.CorelDRAW.va.plist
1⤵
PID:647

/bin/launchctl
launchctl load -w /Library/LaunchDaemons/com.CorelDRAW.va.plist
1⤵
PID:647

/usr/libexec/xpcproxy
xpcproxy com.CorelDRAW.va.plist
1⤵
PID:648

/var/root/Library/Preferences/CorelDRAW/CorelDRAW
/var/root/Library/Preferences/CorelDRAW/CorelDRAW
1⤵
PID:648

/bin/ls
ls
1⤵
PID:660

/bin/ls
ls
1⤵
PID:660

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:663

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:663

/bin/ls
ls /Volumes
1⤵
PID:664

/bin/ls
ls /Volumes
1⤵
PID:664

/bin/ls
ls /Volumes/new
1⤵
PID:666

/bin/ls
ls /Volumes/new
1⤵
PID:666

/bin/ls
ls /Volumes/kekje
1⤵
PID:667

/bin/ls
ls /Volumes/kekje
1⤵
PID:667

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/LaunchDaemons/.dat.nosync025d.rHHYdZ

MD5
93b1fba1725a0553ae1c33b7e9f507d3

SHA1
4eaef620d7c09baafa96d6ee7d40cc5c8925fe23

SHA256
3fff484073e2dcb8e724bb6527bcea19afeb9408bc179b358b299e369b7b0937

SHA512
5d3a52b8b513354409fc1793d89b3cc51863cdce732a06f3a01c66944db4832acb4c9e6dffc30ff05cb6fb5ca438326bdff5149eccc10be8a8adb57a728aff24

Download Submit
/Users/run/Library/Application Support/Oracle/Java/Deployment/deployment.properties

MD5
7919dc866b5c6ee5b230c380281bb7fc

SHA1
450d29bb505b68401f89f2f1b7ee7fbf37f75d76

SHA256
1a59e27a0ddd8f9f85846249b3c898f92a2d3944b9341cc8a9d278bc6f60b51b

SHA512
edcf7ddd3f08d487098086ab83eedff19ee009273f92a99c17aaa9c667d6d9fd6a12d9b0b0e99a530bf4afb440e4561d20962cdf3ac1b09cb7599ad97388da97

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/hsperfdata_run/634

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/CorelDRAW

MD5
23699799f496b8e872d05f19d2b397f8

SHA1
fe3a3e65b86d2b07654f9a6104c8cb392c88b7e8

SHA256
2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f

SHA512
f347c47afe06ed7ef2a71b7e40ac0103f4f33e26250661173775b349bba7452ea458e5d4137a57b34801556959bca14093a9f693d59c147061f63f2b78614288

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/CorelDRAW

MD5
23699799f496b8e872d05f19d2b397f8

SHA1
fe3a3e65b86d2b07654f9a6104c8cb392c88b7e8

SHA256
2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f

SHA512
f347c47afe06ed7ef2a71b7e40ac0103f4f33e26250661173775b349bba7452ea458e5d4137a57b34801556959bca14093a9f693d59c147061f63f2b78614288

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/MGD/tmp/.dat.nosync0288.2BqAYQ

MD5
c0238a4201674b71c06684994556a818

SHA1
402b10d5989c24997ce373729515201c918ac031

SHA256
67d07ff7678879c8ce5491b1999373d18f158640f65627379d0ec37c7f807e52

SHA512
3bf11c0e0c9521afbb088caa110ef0b7a9093e1ba4a3cb917ccbe56f964964f402eb58db20ebcbd8e67c3fff5f009e27753b2b8b471e4f3f95b5d3e78a6a6836

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/MGD/tmp/.dat.nosync0288.4KTsyM

MD5
c0238a4201674b71c06684994556a818

SHA1
402b10d5989c24997ce373729515201c918ac031

SHA256
67d07ff7678879c8ce5491b1999373d18f158640f65627379d0ec37c7f807e52

SHA512
3bf11c0e0c9521afbb088caa110ef0b7a9093e1ba4a3cb917ccbe56f964964f402eb58db20ebcbd8e67c3fff5f009e27753b2b8b471e4f3f95b5d3e78a6a6836

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/MGD/tmp/.dat.nosync0288.7yEkTQ

MD5
c0238a4201674b71c06684994556a818

SHA1
402b10d5989c24997ce373729515201c918ac031

SHA256
67d07ff7678879c8ce5491b1999373d18f158640f65627379d0ec37c7f807e52

SHA512
3bf11c0e0c9521afbb088caa110ef0b7a9093e1ba4a3cb917ccbe56f964964f402eb58db20ebcbd8e67c3fff5f009e27753b2b8b471e4f3f95b5d3e78a6a6836

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/MGD/tmp/.dat.nosync0288.Bn1jUg

MD5
c0238a4201674b71c06684994556a818

SHA1
402b10d5989c24997ce373729515201c918ac031

SHA256
67d07ff7678879c8ce5491b1999373d18f158640f65627379d0ec37c7f807e52

SHA512
3bf11c0e0c9521afbb088caa110ef0b7a9093e1ba4a3cb917ccbe56f964964f402eb58db20ebcbd8e67c3fff5f009e27753b2b8b471e4f3f95b5d3e78a6a6836

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/MGD/tmp/.dat.nosync0288.FypYua

MD5
c0238a4201674b71c06684994556a818

SHA1
402b10d5989c24997ce373729515201c918ac031

SHA256
67d07ff7678879c8ce5491b1999373d18f158640f65627379d0ec37c7f807e52

SHA512
3bf11c0e0c9521afbb088caa110ef0b7a9093e1ba4a3cb917ccbe56f964964f402eb58db20ebcbd8e67c3fff5f009e27753b2b8b471e4f3f95b5d3e78a6a6836

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/MGD/tmp/.dat.nosync0288.WmPi8O

MD5
c0238a4201674b71c06684994556a818

SHA1
402b10d5989c24997ce373729515201c918ac031

SHA256
67d07ff7678879c8ce5491b1999373d18f158640f65627379d0ec37c7f807e52

SHA512
3bf11c0e0c9521afbb088caa110ef0b7a9093e1ba4a3cb917ccbe56f964964f402eb58db20ebcbd8e67c3fff5f009e27753b2b8b471e4f3f95b5d3e78a6a6836

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/MGD/tmp/.dat.nosync0288.WxUvLm

MD5
c0238a4201674b71c06684994556a818

SHA1
402b10d5989c24997ce373729515201c918ac031

SHA256
67d07ff7678879c8ce5491b1999373d18f158640f65627379d0ec37c7f807e52

SHA512
3bf11c0e0c9521afbb088caa110ef0b7a9093e1ba4a3cb917ccbe56f964964f402eb58db20ebcbd8e67c3fff5f009e27753b2b8b471e4f3f95b5d3e78a6a6836

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/MGD/tmp/.dat.nosync0288.cer2PQ

MD5
20134ebea260d8147e0973d909c5ec76

SHA1
f5f3af403c8490a928917b96d027d00bf531a2d1

SHA256
227dc0ed1d597d9346fa0f2879d3107a85dc56b6f1e072f2d7d6848b7061e169

SHA512
b9041fa31fc5fe6e96a48fced220c6eb124eccaaf31d51947bc9b62e341bdbe3b8db83ec34eb2d4b2328740a27f3de7d38a154569293d4d5d32e151bd11b8d91

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/MGD/tmp/.dat.nosync0288.e7ButK

MD5
6e33b0af723946e4221eeaef5eb2edbf

SHA1
45e9a237aadd30e109a0c66a148c8a53d3745dab

SHA256
8308269c3a46c722b847b18109aebfd8554a463e3abbc864c08527c83bb5cde3

SHA512
b5c74696a62089478f68839a9ff5aa227d13504737eeae164d863465eedc23783fb2742c624a90d4a6eb5ea23e12db7945fd4428409e6d5a6858e725ef716a60

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/MGD/tmp/.dat.nosync0288.ghJPsN

MD5
c0238a4201674b71c06684994556a818

SHA1
402b10d5989c24997ce373729515201c918ac031

SHA256
67d07ff7678879c8ce5491b1999373d18f158640f65627379d0ec37c7f807e52

SHA512
3bf11c0e0c9521afbb088caa110ef0b7a9093e1ba4a3cb917ccbe56f964964f402eb58db20ebcbd8e67c3fff5f009e27753b2b8b471e4f3f95b5d3e78a6a6836

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/MGD/tmp/.dat.nosync0288.m97fU5

MD5
c0238a4201674b71c06684994556a818

SHA1
402b10d5989c24997ce373729515201c918ac031

SHA256
67d07ff7678879c8ce5491b1999373d18f158640f65627379d0ec37c7f807e52

SHA512
3bf11c0e0c9521afbb088caa110ef0b7a9093e1ba4a3cb917ccbe56f964964f402eb58db20ebcbd8e67c3fff5f009e27753b2b8b471e4f3f95b5d3e78a6a6836

Download Submit
/private/var/root/Library/Preferences/CorelDRAW/MGD/tmp/.dat.nosync0288.tnIYOi

MD5
c0238a4201674b71c06684994556a818

SHA1
402b10d5989c24997ce373729515201c918ac031

SHA256
67d07ff7678879c8ce5491b1999373d18f158640f65627379d0ec37c7f807e52

SHA512
3bf11c0e0c9521afbb088caa110ef0b7a9093e1ba4a3cb917ccbe56f964964f402eb58db20ebcbd8e67c3fff5f009e27753b2b8b471e4f3f95b5d3e78a6a6836

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads