96995eadf0555a4f7759c817a64f58810b64a423ab172ac809c373f381d5cd3e | Triage

Submit
Reports

Overview

overview

Static

static

1

filecoder.dmg

macos_amd64

1

flawedammyy.exe

windows7_x64

flawedammyy.exe

windows10-2004_x64

qakbot.dll

windows7_x64

qakbot.dll

windows10-2004_x64

redline.exe

windows7_x64

redline.exe

windows10-2004_x64

seon.exe

windows7_x64

seon.exe

windows10-2004_x64

Analysis

max time kernel
134s
max time network
120s
platform
macos_amd64
resource
macos-20220504-en
submitted
24-06-2022 13:37

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

filecoder.dmg

Resource

macos-20220504-en

macos_amd64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

flawedammyy.exe

Resource

win7-20220414-en

ammyyadmin flawedammyy evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

flawedammyy.exe

Resource

win10v2004-20220414-en

ammyyadmin flawedammyy evasion persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

qakbot.dll

Resource

win7-20220414-en

qakbot tr 1619706851 banker stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

qakbot.dll

Resource

win10v2004-20220414-en

qakbot tr 1619706851 banker stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

redline.exe

Resource

win7-20220414-en

redline kreator infostealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

redline.exe

Resource

win10v2004-20220414-en

redline kreator infostealer

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

seon.exe

Resource

win7-20220414-en

seon ransomware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

seon.exe

Resource

win10v2004-20220414-en

seon ransomware trojan

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

filecoder.dmg
Size

2.5MB
MD5

5557a06822358ea7814891631f7df8ce
SHA1

f6e215ed5a1623de05c6f63033aa4f6d1a5696d6
SHA256

f8dd1edd285ba0ee23250d7925dd7c230aaf3845ceedb6bcfe2913815c8775db
SHA512

a592d44e8942dd223792baf0180bb4d06d0d9e0e2740a64c86c89435cefc3a704acc86ab0caee207eb549f7e8eaee777b66178bd4ac7f7c331d981b7e40a0d5b

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"open /Volumes/filecoder/filecoder.app\""
1⤵
PID:529

/bin/bash
sh -c "sudo /bin/zsh -c \"open /Volumes/filecoder/filecoder.app\""
1⤵
PID:529

/bin/bash
sh -c "sudo /bin/zsh -c \"open /Volumes/filecoder/filecoder.app\""
1⤵
PID:529

/usr/bin/sudo
sudo /bin/zsh -c "open /Volumes/filecoder/filecoder.app"
1⤵
PID:529

/usr/bin/sudo
sudo /bin/zsh -c "open /Volumes/filecoder/filecoder.app"
1⤵
PID:529
- /bin/zsh
  /bin/zsh -c "open /Volumes/filecoder/filecoder.app"
  2⤵
  PID:530
- /bin/zsh
  /bin/zsh -c "open /Volumes/filecoder/filecoder.app"
  2⤵
  PID:530
- /usr/bin/open
  open /Volumes/filecoder/filecoder.app
  2⤵
  PID:530
- /usr/bin/open
  open /Volumes/filecoder/filecoder.app
  2⤵
  PID:530

/usr/libexec/xpcproxy
xpcproxy NULL.prova.2300
1⤵
PID:531

/Volumes/filecoder/filecoder.app/Contents/MacOS/Office 2016 Patcher
"/Volumes/filecoder/filecoder.app/Contents/MacOS/Office 2016 Patcher"
1⤵
PID:531

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2024

Terms | Privacy