2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021

Analysis

max time kernel
10s
max time network
16s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
30-09-2022 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021
Size

665KB
MD5

53f85e46838d4fc697e224269f11f910
SHA1

834c39e7ffeafa3f8d0ba5b741a59fa24bd14d19
SHA256

2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021
SHA512

4a5e0227c26cf4bf40b7e64e93a99f6b01534421fe912cefc080eed9b948eb31142271dea8ff29d8d112464f8a71311bd166fe36fd45ae340fe8a2aa1a15cbd9
SSDEEP

12288:kUs1cMXbFxSGiUhujrCiIhUfQNd6bKpQttG2zyP+9TcoD3TPX1Fpxm0NRs8dA:kFGMrFUGhNKpdmP+9JD3TPXrpo03soA

Score

4^/10

link pdf

Malware Config

Signatures

HTTP links in PDF interactive object 2 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

Processes:

resource	yara_rule
/Users/run/Library/WifiPreference/Crypto.com_Job_Opportunities_2022_confidential.pdf	pdf_with_link_action
/Users/run/Library/WifiPreference/Crypto.com_Job_Opportunities_2022_confidential.pdf	pdf_with_link_action

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:499

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:501

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021\""
1⤵
PID:502

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021\""
1⤵
PID:502

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021\""
1⤵
PID:502

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021
1⤵
PID:502

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021
1⤵
PID:502

/bin/zsh
/bin/zsh -c /Users/run/2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021
2⤵
PID:513

/bin/zsh
/bin/zsh -c /Users/run/2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021
2⤵
PID:513

/Users/run/2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021
/Users/run/2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021
2⤵
PID:513

/Users/run/2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021
/Users/run/2c90feda656d4351c7ad33b03202531a96bc455b8655c4e90624e6f853447021
2⤵
PID:513

/bin/bash
bash -c "(printf '[8;1;1t' && printf '[2t') 2>&1"
3⤵
PID:514

/bin/bash
bash -c "(printf '[8;1;1t' && printf '[2t') 2>&1"
3⤵
PID:514

/bin/bash
bash -c "(open '/Users/run/Library/WifiPreference/Crypto.com_Job_Opportunities_2022_confidential.pdf' && rm -rf '/Users/run/Library/Saved Application State/com.apple.Terminal.savedState') 2>&1"
3⤵
PID:516

/bin/bash
bash -c "(open '/Users/run/Library/WifiPreference/Crypto.com_Job_Opportunities_2022_confidential.pdf' && rm -rf '/Users/run/Library/Saved Application State/com.apple.Terminal.savedState') 2>&1"
3⤵
PID:516

/bin/bash
bash -c "(tar zxvf '/Users/run/Library/WifiPreference/wifianalyticsagent_' -C '/Users/run/Library/WifiPreference') 2>&1"
3⤵
PID:527

/bin/bash
bash -c "(tar zxvf '/Users/run/Library/WifiPreference/wifianalyticsagent_' -C '/Users/run/Library/WifiPreference') 2>&1"
3⤵
PID:527

/usr/bin/tar
tar zxvf /Users/run/Library/WifiPreference/wifianalyticsagent_ -C /Users/run/Library/WifiPreference
4⤵
PID:528

/usr/bin/tar
tar zxvf /Users/run/Library/WifiPreference/wifianalyticsagent_ -C /Users/run/Library/WifiPreference
4⤵
PID:528

/bin/bash
bash -c "(tar zxvf '/Users/run/Library/WifiPreference/WifiAnalytics_' -C '/Users/run/Library/WifiPreference') 2>&1"
3⤵
PID:529

/bin/bash
bash -c "(tar zxvf '/Users/run/Library/WifiPreference/WifiAnalytics_' -C '/Users/run/Library/WifiPreference') 2>&1"
3⤵
PID:529

/usr/bin/tar
tar zxvf /Users/run/Library/WifiPreference/WifiAnalytics_ -C /Users/run/Library/WifiPreference
4⤵
PID:530

/usr/bin/tar
tar zxvf /Users/run/Library/WifiPreference/WifiAnalytics_ -C /Users/run/Library/WifiPreference
4⤵
PID:530

/bin/bash
bash -c "(pgrep -f wifianalyticsagent) 2>&1"
3⤵
PID:532

/bin/bash
bash -c "(pgrep -f wifianalyticsagent) 2>&1"
3⤵
PID:532

/usr/bin/pgrep
pgrep -f wifianalyticsagent
4⤵
PID:533

/usr/bin/pgrep
pgrep -f wifianalyticsagent
4⤵
PID:533

/bin/bash
bash -c "(pgrep -f wifianalyticsagent) 2>&1"
3⤵
PID:534

/bin/bash
bash -c "(pgrep -f wifianalyticsagent) 2>&1"
3⤵
PID:534

/usr/bin/pgrep
pgrep -f wifianalyticsagent
4⤵
PID:535

/usr/bin/pgrep
pgrep -f wifianalyticsagent
4⤵
PID:535

/bin/bash
bash -c "(open -a '/Users/run/Library/WifiPreference/WifiAnalyticsServ.app') 2>&1"
3⤵
PID:536

/bin/bash
bash -c "(open -a '/Users/run/Library/WifiPreference/WifiAnalyticsServ.app') 2>&1"
3⤵
PID:536

/usr/bin/open
open -a /Users/run/Library/WifiPreference/WifiAnalyticsServ.app
4⤵
PID:537

/usr/bin/open
open -a /Users/run/Library/WifiPreference/WifiAnalyticsServ.app
4⤵
PID:537

/bin/bash
bash -c "(pgrep -f wifianalyticsagent) 2>&1"
3⤵
PID:545

/bin/bash
bash -c "(pgrep -f wifianalyticsagent) 2>&1"
3⤵
PID:545

/usr/bin/pgrep
pgrep -f wifianalyticsagent
4⤵
PID:546

/usr/bin/pgrep
pgrep -f wifianalyticsagent
4⤵
PID:546

/bin/bash
bash -c "(pgrep -f wifianalyticsagent) 2>&1"
3⤵
PID:547

/bin/bash
bash -c "(pgrep -f wifianalyticsagent) 2>&1"
3⤵
PID:547

/usr/bin/pgrep
pgrep -f wifianalyticsagent
4⤵
PID:548

/usr/bin/pgrep
pgrep -f wifianalyticsagent
4⤵
PID:548

/bin/bash
bash -c "(killall Terminal) 2>&1"
3⤵
PID:549

/bin/bash
bash -c "(killall Terminal) 2>&1"
3⤵
PID:549

/usr/bin/killall
killall Terminal
4⤵
PID:550

/usr/bin/killall
killall Terminal
4⤵
PID:550

/usr/bin/open
open /Users/run/Library/WifiPreference/Crypto.com_Job_Opportunities_2022_confidential.pdf
1⤵
PID:518

/usr/bin/open
open /Users/run/Library/WifiPreference/Crypto.com_Job_Opportunities_2022_confidential.pdf
1⤵
PID:518

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:525

/bin/rm
rm -rf "/Users/run/Library/Saved Application State/com.apple.Terminal.savedState"
1⤵
PID:526

/bin/rm
rm -rf "/Users/run/Library/Saved Application State/com.apple.Terminal.savedState"
1⤵
PID:526

/usr/libexec/xpcproxy
xpcproxy finder.fonts.extractor.2300
1⤵
PID:538

/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/MacOS/WifiAnalyticsServ
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/MacOS/WifiAnalyticsServ
1⤵
PID:538

/Users/run/Library/WifiPreference/wifianalyticsagent
/Users/run/Library/WifiPreference/wifianalyticsagent
2⤵
PID:540

/Users/run/Library/WifiPreference/wifianalyticsagent
/Users/run/Library/WifiPreference/wifianalyticsagent
2⤵
PID:540

/bin/sh
sh -c "sw_vers -productVersion"
1⤵
PID:541

/bin/bash
sh -c "sw_vers -productVersion"
1⤵
PID:541

/bin/bash
sh -c "sw_vers -productVersion"
1⤵
PID:541

/usr/bin/sw_vers
sw_vers -productVersion
1⤵
PID:541

/usr/bin/sw_vers
sw_vers -productVersion
1⤵
PID:541

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/LaunchAgents/com.wifianalyticsagent.plist
Filesize
467B

MD5
552c6d4c5c7522bcbe1c105d59ae69a7

SHA1
323b407e4e2e808d33c9182a28fc86de343404be

SHA256
4a4d4a14aa4602ad3d7faefcbf57dc34d750563287433ae3220a470ada50491e

SHA512
d96a5909ff36f722e3a2ff676885655119104628362da1d26ea2220d41029a4332c1e8049f54a812ddcbb3e1f5397ab421efca2c1a36eba66f23a1b1b053b4b6

Download Submit
/Users/run/Library/WifiPreference/Crypto.com_Job_Opportunities_2022_confidential.pdf
Filesize
533KB

MD5
beaa78ddacaaab5353e3a3e6dab7ccfd

SHA1
65b7091af6279cf0e426a7b9bdc4591679420380

SHA256
a368e46597649689a5d8f98662aed76358104cde2bc3363df8395ac8211b9052

SHA512
05ff3e231f3746157c8a042115321da2c4a93b83d9007fd6e4e34fffcbec9d71e7155eff5d1209a4b448bdea3e43994b8fb4ac9b767c4da0c7104d938101483b

Download Submit
/Users/run/Library/WifiPreference/Crypto.com_Job_Opportunities_2022_confidential.pdf
Filesize
533KB

MD5
beaa78ddacaaab5353e3a3e6dab7ccfd

SHA1
65b7091af6279cf0e426a7b9bdc4591679420380

SHA256
a368e46597649689a5d8f98662aed76358104cde2bc3363df8395ac8211b9052

SHA512
05ff3e231f3746157c8a042115321da2c4a93b83d9007fd6e4e34fffcbec9d71e7155eff5d1209a4b448bdea3e43994b8fb4ac9b767c4da0c7104d938101483b

Download Submit
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/Info.plist
Filesize
1KB

MD5
d9dc0ec1fa7515d108178ca21eaa76e0

SHA1
168f1cca51c43e459b9400bdd9f0bf2932f18953

SHA256
44af578615bc25256277a0e44325d7c63491d70a7cc2e54174770a221e574b12

SHA512
9d6a49985c3571653c21f239f88867a4ba9d249fd671d9a1030d0997b18340b791bed9bbbf6e4eee62fe7373c9f59ba9acd232283f8425fc264a7cf4457580b9

Download Submit
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/Info.plist
Filesize
1KB

MD5
d9dc0ec1fa7515d108178ca21eaa76e0

SHA1
168f1cca51c43e459b9400bdd9f0bf2932f18953

SHA256
44af578615bc25256277a0e44325d7c63491d70a7cc2e54174770a221e574b12

SHA512
9d6a49985c3571653c21f239f88867a4ba9d249fd671d9a1030d0997b18340b791bed9bbbf6e4eee62fe7373c9f59ba9acd232283f8425fc264a7cf4457580b9

Download Submit
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/Info.plist
Filesize
1KB

MD5
d9dc0ec1fa7515d108178ca21eaa76e0

SHA1
168f1cca51c43e459b9400bdd9f0bf2932f18953

SHA256
44af578615bc25256277a0e44325d7c63491d70a7cc2e54174770a221e574b12

SHA512
9d6a49985c3571653c21f239f88867a4ba9d249fd671d9a1030d0997b18340b791bed9bbbf6e4eee62fe7373c9f59ba9acd232283f8425fc264a7cf4457580b9

Download Submit
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/MacOS/WifiAnalyticsServ
Filesize
182KB

MD5
221cc77ffef7f8edc9ffed09e1f46fc3

SHA1
1f0f9020f72aa5a38a89ffd6cd000ed8a2b49edc

SHA256
99430d805aa11ccb157ae9b44f77b63994b6241119b55eb957f1e5fd5f4c1b01

SHA512
c024322561705714a1e26e3f7ed0433bf311137054bd7c48447b3ecda0c7f54f134cc3bdec46a241a82bf2d7c21ef8cccaa04f88346ef256527607d7f3444c7b

Download Submit
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/MacOS/WifiAnalyticsServ
Filesize
182KB

MD5
221cc77ffef7f8edc9ffed09e1f46fc3

SHA1
1f0f9020f72aa5a38a89ffd6cd000ed8a2b49edc

SHA256
99430d805aa11ccb157ae9b44f77b63994b6241119b55eb957f1e5fd5f4c1b01

SHA512
c024322561705714a1e26e3f7ed0433bf311137054bd7c48447b3ecda0c7f54f134cc3bdec46a241a82bf2d7c21ef8cccaa04f88346ef256527607d7f3444c7b

Download Submit
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/MacOS/WifiAnalyticsServ
Filesize
182KB

MD5
221cc77ffef7f8edc9ffed09e1f46fc3

SHA1
1f0f9020f72aa5a38a89ffd6cd000ed8a2b49edc

SHA256
99430d805aa11ccb157ae9b44f77b63994b6241119b55eb957f1e5fd5f4c1b01

SHA512
c024322561705714a1e26e3f7ed0433bf311137054bd7c48447b3ecda0c7f54f134cc3bdec46a241a82bf2d7c21ef8cccaa04f88346ef256527607d7f3444c7b

Download Submit
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/PkgInfo
Filesize
8B

MD5
23b7d7d024abb0f558420e098800bf27

SHA1
9f9eea0cfe2d65f2c3d6b092e375b40782d08f31

SHA256
82502191c9484b04d685374f9879a0066069c49b8acae7a04b01d38d07e8eca0

SHA512
f77d501528dd0ced155c80406cfbee38d5d3649b64d2a9324f3d6cee39491eb8f54cdebae49c6e21a20d2309d8fae1b01c41631224811e73483db25a2695738c

Download Submit
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/Resources/en.lproj/Credits.rtf
Filesize
436B

MD5
f0d4a61caf597423ff07c5e9b24a345e

SHA1
60a248148b319de26e36424d25021c2488e23ce8

SHA256
b4386fe1cef65cd91e6c8ecc065d117089083f91b7cadbf0c3e5eae20e8b9640

SHA512
e361011499cf70fc71e247fdda71f49d913654a983aa4ae67d00dc977e53b9cf0d88d4d2ac07efe248261c3ab6e3345e829e22dda3e51dccc221a94c660ace69

Download Submit
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/Resources/en.lproj/InfoPlist.strings
Filesize
92B

MD5
51ef59b60e5b41b91519cc662a9fe886

SHA1
3222ca0c39eb50aaf8126baf852e55430c4718af

SHA256
39cf2ee07b7b333e7c179d0bf4d798a5b72af6a4e584f51e642703bbfa4fc828

SHA512
3952a908b72d44040f5072f6344f6327fc78981c3aa55e931acae84c0c9bcc0d148991cd564af4803765c328cbf5f7efe9eb558fc56e47e8206b7b706026f30a

Download Submit
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/Resources/en.lproj/InfoPlist.strings
Filesize
92B

MD5
51ef59b60e5b41b91519cc662a9fe886

SHA1
3222ca0c39eb50aaf8126baf852e55430c4718af

SHA256
39cf2ee07b7b333e7c179d0bf4d798a5b72af6a4e584f51e642703bbfa4fc828

SHA512
3952a908b72d44040f5072f6344f6327fc78981c3aa55e931acae84c0c9bcc0d148991cd564af4803765c328cbf5f7efe9eb558fc56e47e8206b7b706026f30a

Download Submit
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/Resources/en.lproj/MainMenu.nib/keyedobjects-101300.nib
Filesize
21KB

MD5
01004f719e4a15d64a3938a64c60bb11

SHA1
1f4e3c37419cd1525905416c0ef25ce45378843a

SHA256
575bed110eb9d12b6aaaf150ccdaebf6340a8cf20c169c0b84e2399ac5e0e735

SHA512
d25231e66d7fee7ee9f21d2afe1ab093b36ac663b17ffc50f1a43a7b9803e6a6c5763ce64186f42c8a11003a4524188dd20c56b6fbe7a65010fdc7ca31fa8da8

Download Submit
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/Resources/en.lproj/MainMenu.nib/keyedobjects.nib
Filesize
28KB

MD5
8a47cdab4a76bb07fae8716fd82e493a

SHA1
d5b6e11e95fe060dbd1518b958b20cb141486fa4

SHA256
4268b59f4b54178ef805868e7b5df5cd6c83164f779ca263c23f11786c806684

SHA512
e68f88f397680a2d7b1ffafe359f90b825338baa1f53cae0f972274912559995c6239204d4afa320b83e20fea1a29866572d51a48a14abecdb016b1bd1c03b9d

Download Submit
/Users/run/Library/WifiPreference/WifiAnalyticsServ.app/Contents/_CodeSignature/CodeResources
Filesize
3KB

MD5
38fa43e7a84ce9a960d61e33e186856c

SHA1
5d0faeceaf64ffd012667a620e9e1efa5749698c

SHA256
2b714316a71aefe9f34849c105d3de977c4947b4bcdbe60cf760e4382aa6dd3e

SHA512
e3daea30b5b9ecde31b4fdda564947c2eee7e0f13a04eac70c12fabc2c612604258d6eeb33ffecdd992514a81c068a75f0950fd19973edd9ddb57836c4704b12

Download Submit
/Users/run/Library/WifiPreference/WifiAnalytics_
Filesize
49KB

MD5
a19c9b060006e5f12f7561879d790383

SHA1
fce2319f6bc875dbe51d103bebd5122a99565fc9

SHA256
06b3623f67aacdc964a6c68d5a7568f93d4d56b1d3a8175d7c9069ed6f706ac1

SHA512
813600e85bcb317d947ccf24456960c2759f1e609af5974aa2bdbb2425a1c96b49458b6b46bd32d5020b8c99d978fd15b171690b23b78518097d4f2052fdfc59

Download Submit
/Users/run/Library/WifiPreference/WifiAnalytics_
Filesize
49KB

MD5
a19c9b060006e5f12f7561879d790383

SHA1
fce2319f6bc875dbe51d103bebd5122a99565fc9

SHA256
06b3623f67aacdc964a6c68d5a7568f93d4d56b1d3a8175d7c9069ed6f706ac1

SHA512
813600e85bcb317d947ccf24456960c2759f1e609af5974aa2bdbb2425a1c96b49458b6b46bd32d5020b8c99d978fd15b171690b23b78518097d4f2052fdfc59

Download Submit
/Users/run/Library/WifiPreference/wifianalyticsagent
Filesize
150KB

MD5
4cc3f28805cf186ba40229c25df9506f

SHA1
1b32f332e7fc91252181f0626da05ae989095d71

SHA256
d050d387b0754e97d9feef87e95cb198d5a4765b7bc3f8cb9352296e5b119655

SHA512
dc10bbfc80224fa56ffff324255082631d37fe62d43bdb51284e1b61e09cdc9f7a70c157430eb58557e75ce4e3a76288553f51591724c990e0fc1fdd04ada9ec

Download Submit
/Users/run/Library/WifiPreference/wifianalyticsagent_
Filesize
11KB

MD5
7fea9c32af2f6ffbe1dc149b6d79611c

SHA1
007f113e8de41105cb76ab77249e09bdd648e7e5

SHA256
da49517af5b03cd671950e7c2c8c5eac087112e44f5ccebc28fa5d8c378d12cd

SHA512
591b6a0a40f742ba8c98803230d0d8917c33ffcce3f53122fb685a1be847b7321fc1f6e7b23353ed6b4d3a5bad4fbb84fce7fa622269e25dbd879fdffd2ea86c

Download Submit
/Users/run/Library/WifiPreference/wifianalyticsagent_
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit