Overview

Task scores (score, sample, platform; the sample URL is truncated in the original listing):
- Static: 10
- URLScan: no score
- 10, https://api.viglink...., windows7-x64
- 1, https://api.viglink...., android-9-x86
- 1, https://api.viglink...., android-10-x64
- 1, https://api.viglink...., android-11-x64
- 7, https://api.viglink...., macos-10.15-amd64
- 1, https://api.viglink...., ubuntu-18.04-amd64
- no score, https://api.viglink...., debian-9-armhf
- no score, https://api.viglink...., debian-9-mips
- no score, https://api.viglink...., debian-9-mipsel
Analysis
- max time kernel: 145s
- max time network: 125s
- platform: macos_amd64
- resource: macos-20220504-en
- resource tags: arch:amd64, arch:i386, image:macos-20220504-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
- submitted: 04-10-2022 22:49
Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral tasks (every behavioral task was run against the same sample URL: https://api.viglink.com/api/click?jsefdetfjyabksfjftji&out=%68%74%74%70%3Amomyhipfyx%2E%69%6C%69%31%2E%63%79%6F%75%2Fkbvet/eu/Y21WaFkyTnBiMjVoWkhabGNuTmhRR2R5ZFhCdlltbHZiV1Z3TG1OdmJTNXRlQT09OmF6YXp0cHF2ZWo=&key=fd5de1d096b38be9fffd6ddc1948df4f):
  - behavioral1, resource win7-20220812-en
  - behavioral2, resource android-x86-arm-20220823-en
  - behavioral3, resource android-x64-20220823-en
  - behavioral4, resource android-x64-arm64-20220823-en
  - behavioral5, resource macos-20220504-en
  - behavioral6, resource ubuntu1804-amd64-en-20211208
  - behavioral7, resource debian9-armhf-en-20211208
  - behavioral8, resource debian9-mipsbe-en-20211208
  - behavioral9, resource debian9-mipsel-en-20211208
General
- Target: https://api.viglink.com/api/click?jsefdetfjyabksfjftji&out=%68%74%74%70%3Amomyhipfyx%2E%69%6C%69%31%2E%63%79%6F%75%2Fkbvet/eu/Y21WaFkyTnBiMjVoWkhabGNuTmhRR2R5ZFhCdlltbHZiV1Z3TG1OdmJTNXRlQT09OmF6YXp0cHF2ZWo=&key=fd5de1d096b38be9fffd6ddc1948df4f
Malware Config
Signatures
Processes (executable, command line, process-tree depth)
- /bin/sh: sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://api.viglink.com/api/click?jsefdetfjyabksfjftji&out=%68%74%74%70%3Amomyhipfyx%2E%69%6C%69%31%2E%63%79%6F%75%2Fkbvet/eu/Y21WaFkyTnBiMjVoWkhabGNuTmhRR2R5ZFhCdlltbHZiV1Z3TG1OdmJTNXRlQT09OmF6YXp0cHF2ZWo=&key=fd5de1d096b38be9fffd6ddc1948df4f\"" (depth 1)
- /bin/bash: sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://api.viglink.com/api/click?jsefdetfjyabksfjftji&out=%68%74%74%70%3Amomyhipfyx%2E%69%6C%69%31%2E%63%79%6F%75%2Fkbvet/eu/Y21WaFkyTnBiMjVoWkhabGNuTmhRR2R5ZFhCdlltbHZiV1Z3TG1OdmJTNXRlQT09OmF6YXp0cHF2ZWo=&key=fd5de1d096b38be9fffd6ddc1948df4f\"" (depth 1)
- /bin/bash: sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://api.viglink.com/api/click?jsefdetfjyabksfjftji&out=%68%74%74%70%3Amomyhipfyx%2E%69%6C%69%31%2E%63%79%6F%75%2Fkbvet/eu/Y21WaFkyTnBiMjVoWkhabGNuTmhRR2R5ZFhCdlltbHZiV1Z3TG1OdmJTNXRlQT09OmF6YXp0cHF2ZWo=&key=fd5de1d096b38be9fffd6ddc1948df4f\"" (depth 1)
- /usr/bin/sudo: sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://api.viglink.com/api/click?jsefdetfjyabksfjftji&out=%68%74%74%70%3Amomyhipfyx%2E%69%6C%69%31%2E%63%79%6F%75%2Fkbvet/eu/Y21WaFkyTnBiMjVoWkhabGNuTmhRR2R5ZFhCdlltbHZiV1Z3TG1OdmJTNXRlQT09OmF6YXp0cHF2ZWo=&key=fd5de1d096b38be9fffd6ddc1948df4f" (depth 1)
- /usr/bin/sudo: sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://api.viglink.com/api/click?jsefdetfjyabksfjftji&out=%68%74%74%70%3Amomyhipfyx%2E%69%6C%69%31%2E%63%79%6F%75%2Fkbvet/eu/Y21WaFkyTnBiMjVoWkhabGNuTmhRR2R5ZFhCdlltbHZiV1Z3TG1OdmJTNXRlQT09OmF6YXp0cHF2ZWo=&key=fd5de1d096b38be9fffd6ddc1948df4f" (depth 1)
- /bin/zsh: /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://api.viglink.com/api/click?jsefdetfjyabksfjftji&out=%68%74%74%70%3Amomyhipfyx%2E%69%6C%69%31%2E%63%79%6F%75%2Fkbvet/eu/Y21WaFkyTnBiMjVoWkhabGNuTmhRR2R5ZFhCdlltbHZiV1Z3TG1OdmJTNXRlQT09OmF6YXp0cHF2ZWo=&key=fd5de1d096b38be9fffd6ddc1948df4f" (depth 2)
- /bin/zsh: /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://api.viglink.com/api/click?jsefdetfjyabksfjftji&out=%68%74%74%70%3Amomyhipfyx%2E%69%6C%69%31%2E%63%79%6F%75%2Fkbvet/eu/Y21WaFkyTnBiMjVoWkhabGNuTmhRR2R5ZFhCdlltbHZiV1Z3TG1OdmJTNXRlQT09OmF6YXp0cHF2ZWo=&key=fd5de1d096b38be9fffd6ddc1948df4f" (depth 2)
- /usr/sbin/spctl: /usr/sbin/spctl --test-devid-status (depth 1)
- /usr/bin/syslog: /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled" (depth 1)
- /usr/bin/bzip2: /usr/bin/bzip2 -f /var/log/wifi.log.0 (depth 1)
Network
MITRE ATT&CK Matrix
Downloads
- /private/var/log/wifi.log.0.bz2
  Filesize: 638B
  MD5: 2078e18788911bff841705adc5036680
  SHA1: c095b020b4846799d4dc58b4f19a6b3eb1fa3db6
  SHA256: c2c6e80aea0fde22438b11b349b99279bb039b767686ea94329aa7746c49c62f
  SHA512: 5d4a27cd66ac5e66d96e2bc17f3432ec08179bcaf92c8d0706e316fac11f0bac6d011329bd4e524b8a2423eb09650d98e3d6517da2a31b9cb99bb83b1925ac42