Analysis

  • max time kernel
    15s
  • max time network
    28s
  • platform
    macos_amd64
  • resource
    macos-20220504-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20220504-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    20/10/2022, 08:18

General

  • Target

    Ź®«¨â¨Ş  ¨­ä®ŕ¬ ć¨®­­®© ˇĄ§®Ż á­®á⨠ă⢠‘„ ®â 27-06-2013.pdf

  • Size

    582KB

  • MD5

    388ed5269a1235cbab157bee70276b6f

  • SHA1

    9f8c2a10debe563efd93d90688fb630a23a1909b

  • SHA256

    2144c07936a9e1e2f6e80da80f0976f11012e0beeaea93d54ad4d00a33b59c22

  • SHA512

    c481010b157987cfe8f13d5b02dbcfdf9a90cb35c7a10176e7e50814beaeff838e0dcd947c8719c7dc3bc9339a27403a9ff8b6a8d715b157b921367bd9db48d4

  • SSDEEP

    12288:Ew/td20qv9CKd+3zDOwhwyKAhH//w3DN7gIOgv0wyEW:EwChlCKd+3HtzJWN7gov0wg

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/Ź®«¨â¨Ş  ¨­ä®ŕ¬ ć¨®­­®© ˇĄ§®Ż á­®á⨠ă⢠‘„ ®â 27-06-2013.pdf\""
    1⤵
      PID:496
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/Ź®«¨â¨Ş  ¨­ä®ŕ¬ ć¨®­­®© ˇĄ§®Ż á­®á⨠ă⢠‘„ ®â 27-06-2013.pdf\""
      1⤵
        PID:496
      • /bin/bash
        sh -c "sudo /bin/zsh -c \"/Users/run/Ź®«¨â¨Ş  ¨­ä®ŕ¬ ć¨®­­®© ˇĄ§®Ż á­®á⨠ă⢠‘„ ®â 27-06-2013.pdf\""
        1⤵
          PID:496
        • /usr/bin/sudo
          sudo /bin/zsh -c "/Users/run/Ź®«¨â¨Ş  ¨­ä®ŕ¬ ć¨®­­®© ˇĄ§®Ż á­®á⨠ă⢠‘„ ®â 27-06-2013.pdf"
          1⤵
            PID:496
          • /usr/bin/sudo
            sudo /bin/zsh -c "/Users/run/Ź®«¨â¨Ş  ¨­ä®ŕ¬ ć¨®­­®© ˇĄ§®Ż á­®á⨠ă⢠‘„ ®â 27-06-2013.pdf"
            1⤵
              PID:496
              • /bin/zsh
                /bin/zsh -c "/Users/run/Ź®«¨â¨Ş  ¨­ä®ŕ¬ ć¨®­­®© ˇĄ§®Ż á­®á⨠ă⢠‘„ ®â 27-06-2013.pdf"
                2⤵
                  PID:506
                • /bin/zsh
                  /bin/zsh -c "/Users/run/Ź®«¨â¨Ş  ¨­ä®ŕ¬ ć¨®­­®© ˇĄ§®Ż á­®á⨠ă⢠‘„ ®â 27-06-2013.pdf"
                  2⤵
                    PID:506
                  • /Users/run/Ź®«¨â¨Ş 
                    "/Users/run/Ź®«¨â¨Ş " "¨­ä®ŕ¬ ć¨®­­®©" "ˇĄ§®Ż á­®áâ¨" "ăâ˘" "‘„" "®â" 27-06-2013.pdf
                    2⤵
                      PID:506
                    • /Users/run/Ź®«¨â¨Ş 
                      "/Users/run/Ź®«¨â¨Ş " "¨­ä®ŕ¬ ć¨®­­®©" "ˇĄ§®Ż á­®áâ¨" "ăâ˘" "‘„" "®â" 27-06-2013.pdf
                      2⤵
                        PID:506
                    • /usr/sbin/spctl
                      /usr/sbin/spctl --test-devid-status
                      1⤵
                        PID:507
                      • /usr/bin/syslog
                        /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
                        1⤵
                          PID:509

Network

MITRE ATT&CK Matrix

Downloads