Overview
overview
10Static
static
VirusShare...3a.exe
windows7_x64
10VirusShare...3a.exe
windows10_x64
10VirusShare...3a.exe
windows10-2004_x64
10VirusShare...3a.exe
windows11_x64
VirusShare...3a.exe
macos_amd64
1VirusShare...3a.exe
linux_armhf
VirusShare...3a.exe
linux_mips
VirusShare...3a.exe
linux_mipsel
VirusShare...3a.exe
linux_amd64
Analysis
-
max time kernel
215s -
max time network
1420s -
platform
macos_amd64 -
resource
macos -
submitted
07-04-2022 19:41
Static task
static1
Behavioral task
behavioral1
Sample
VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe
Resource
win7-20220331-en
Behavioral task
behavioral2
Sample
VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe
Resource
win10-20220331-en
Behavioral task
behavioral3
Sample
VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe
Resource
win10v2004-en-20220113
Behavioral task
behavioral4
Sample
VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe
Resource
win11-20220223-en
Behavioral task
behavioral5
Sample
VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe
Resource
macos
Behavioral task
behavioral6
Sample
VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral7
Sample
VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral8
Sample
VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral9
Sample
VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe
Resource
ubuntu1804-amd64-en-20211208
General
-
Target
VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe
-
Size
324KB
-
MD5
0d8ff116ce8976fc820c996a6ee90c3a
-
SHA1
f04aa63508e99c54095cba747f31fb28fbfd392e
-
SHA256
25c1c67de6ead9c4efd8372caccfbba80cc77667dd9b172e5535b1c7a7b81a5e
-
SHA512
2c2c7b2eac7ac70d0bba26821a52e72e443428c154368c0ca173ff9901bcfdab386d81a759478ca6e85211003eb5fe3bebef076533eed647ad4803054a38311a
Malware Config
Signatures
Processes
-
/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe\"" 1⤵
-
/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe\"" 1⤵
-
/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe\"" 1⤵
-
/usr/bin/sudo
sudo /bin/zsh -c /Users/run/VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe 1⤵
-
/usr/bin/sudo
sudo /bin/zsh -c /Users/run/VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe 1⤵
-
/bin/zsh
/bin/zsh -c /Users/run/VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe 2⤵
-
/bin/zsh
/bin/zsh -c /Users/run/VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe 2⤵
-
/Users/run/VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe
/Users/run/VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe 2⤵
-
/Users/run/VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe
/Users/run/VirusShare_0d8ff116ce8976fc820c996a6ee90c3a.exe 2⤵
-
/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status 1⤵
-
/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled" 1⤵
-
/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond 1⤵
-
/usr/libexec/sysmond
/usr/libexec/sysmond 1⤵
-
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" "-Djdk.disableLastUsageTracking=true" "-Djava.awt.headless=true " -cp "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy.jar" com.sun.deploy.panel.ControlPanel -getSecurityLevel 1⤵
-
/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException 1⤵
-
/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException 1⤵
-
/usr/libexec/xpcproxy
xpcproxy com.apple.diagnosticd 1⤵
-
/usr/libexec/diagnosticd
/usr/libexec/diagnosticd 1⤵
Network
MITRE ATT&CK Matrix
Downloads
-
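/Users/run/Library/Application Support/Oracle/Java/Deployment/deployment.properties
Filesize 613B
MD5 9d7d6029c1b76f076eb7fea35399dc01
SHA1 5283328562e7ab0cf4c731f462652823281aac67
SHA256 a25f9192f3c40fc335df84e3bbf4033134672893c809ffb4b9de3b97d8760ced
SHA512 005cb910ce6938101ac8b76bc6058129fb8ae1d91eaf755c8eb570c85afe08d5e77566b44a65e9fe8cd447c8dd5ec15a9302dba50f0c2cdcb6d62ad2c1f377c1
[Note: this path is under Oracle/Java/Deployment, so the file was likely written by the Java ControlPanel process listed under Processes rather than by the sample; confirm before treating these hashes as indicators for the sample.]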
-
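/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/hsperfdata_run/634
Filesize 32KB
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
[Note: the hsperfdata_run directory name matches the JVM's per-user performance-data directory, so this file was likely produced by the Java process listed under Processes rather than by the sample; confirm before treating these hashes as indicators for the sample.]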