Overview

overview

1

Static

static

sample

windows10-2004_x64

1

sample

macos_amd64

1

Analysis

  • max time kernel
    159s
  • max time network
    262s
  • platform
    macos_amd64
  • resource
    macos-20220504-en
  • submitted
    06-07-2022 15:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample

  • Size

    5B

  • MD5

    4842e206e4cfff2954901467ad54169e

  • SHA1

    80c9820ff2efe8aa3d361df7011ae6eee35ec4f0

  • SHA256

    2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e

  • SHA512

    ff537b1808fcb03cfb52f768fbd7e7bd66baf6a8558ee5b8f2a02f629e021aa88a1df7a8750bae1f04f3b9d86da56f0bdcba2fdbc81d366da6c97eb76ecb6cba

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --status
    1⤵
      PID:488
    • /usr/sbin/spctl
      /usr/sbin/spctl --test-devid-status
      1⤵
        PID:489
      • /usr/bin/syslog
        /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
        1⤵
          PID:490
        • /bin/sh
          sh -c "sudo /bin/zsh -c \"/Users/run/sample\""
          1⤵
            PID:492
          • /bin/bash
            sh -c "sudo /bin/zsh -c \"/Users/run/sample\""
            1⤵
              PID:492
            • /bin/bash
              sh -c "sudo /bin/zsh -c \"/Users/run/sample\""
              1⤵
                PID:492
              • /usr/bin/sudo
                sudo /bin/zsh -c /Users/run/sample
                1⤵
                  PID:492
                • /usr/bin/sudo
                  sudo /bin/zsh -c /Users/run/sample
                  1⤵
                    PID:492
                    • /bin/zsh
                      /bin/zsh -c /Users/run/sample
                      2⤵
                        PID:498
                      • /bin/zsh
                        /bin/zsh -c /Users/run/sample
                        2⤵
                          PID:498
                        • /Users/run/sample
                          /Users/run/sample
                          2⤵
                            PID:498
                          • /Users/run/sample
                            /Users/run/sample
                            2⤵
                              PID:498
                            • /bin/sh
                              sh /Users/run/sample
                              2⤵
                                PID:498
                              • /bin/sh
                                sh /Users/run/sample
                                2⤵
                                  PID:498
                                • /bin/bash
                                  sh /Users/run/sample
                                  2⤵
                                    PID:498
                                  • /bin/bash
                                    sh /Users/run/sample
                                    2⤵
                                      PID:498

                                  Network

                                  MITRE ATT&CK Matrix

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads