Analysis

  • max time kernel
    147s
  • max time network
    145s
  • platform
    macos_amd64
  • resource
    macos-20220504-en
  • resource tags
    arch:amd64, arch:i386, image:macos-20220504-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    07/11/2022, 14:06

General

  • Target

    7d61305f71019d81228a422486e4fba613ebb277

  • Size

    4KB

  • MD5

    280382730313f900d359ba8c87e8d1cf

  • SHA1

    7d61305f71019d81228a422486e4fba613ebb277

  • SHA256

    10478c54f97e7cbee5de0c70903b6fd525a7bd21c0e089b123758a52106ab975

  • SHA512

    9908193e6b83533ea3422130238b23c4bb95dc95d6f4e5e89ac05dd17dbbc7bdae038144bb226c35c620595279949d0b6a66c7b09a164ffc4598f680c0079d79

  • SSDEEP

    96:T9BTAWX8YH0ve/TyuzVXJ87ymttMtUCwdAbDD7dedx0CJ7hCos5q:T9rBHEOxXJ87VtO2CuALRgx97hW5q

Score
1/10

Malware Config

Signatures

Processes

  • /usr/bin/syslog
    /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
    1⤵
    PID:503
  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/7d61305f71019d81228a422486e4fba613ebb277\""
    1⤵
    PID:504
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/7d61305f71019d81228a422486e4fba613ebb277\""
    1⤵
    PID:504
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/7d61305f71019d81228a422486e4fba613ebb277
    1⤵
    PID:504
    • /bin/zsh
      /bin/zsh -c /Users/run/7d61305f71019d81228a422486e4fba613ebb277
      2⤵
      PID:505
    • /Users/run/7d61305f71019d81228a422486e4fba613ebb277
      /Users/run/7d61305f71019d81228a422486e4fba613ebb277
      2⤵
      PID:505
    • /usr/bin/zsh
      zsh /Users/run/7d61305f71019d81228a422486e4fba613ebb277
      2⤵
      PID:505
    • /bin/zsh
      zsh /Users/run/7d61305f71019d81228a422486e4fba613ebb277
      2⤵
      PID:505
      • /usr/bin/dirname
        dirname /Users/run/7d61305f71019d81228a422486e4fba613ebb277
        3⤵
        PID:511
      • /usr/bin/dirname
        dirname /Users/run
        3⤵
        PID:512
  • /usr/bin/rev
    rev
    1⤵
    PID:510
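The listing above is the sandbox's flat rendering of the process tree: each node is an image path, a command line, a nesting marker ("1⤵", "2⤵", "3⤵") and a PID, and several nodes share a PID because an exec() replaces the image without creating a new process (sh → bash → sudo all run as PID 504). The following is an added example, not the sandbox's own code, of a parser for that format: it rebuilds parent/child links from the nesting markers, merges consecutive same-PID nodes into one process with an exec chain, drops nodes the page renders twice, and reports which PIDs passed through sudo. The embedded input is constructed from the tree above (the syslog entry is left out to keep it short; one /bin/bash node is deliberately repeated) and the function names are this example's own.

```python
import re
from dataclasses import dataclass, field

ENTRY_RE = re.compile(r"^•\s*(\S+)$")    # "• /path/to/image" opens a node
DEPTH_RE = re.compile(r"^(\d+)⤵$")        # nesting level as the report renders it
PID_RE = re.compile(r"^PID:(\d+)$")

# Constructed from the report's tree above (syslog entry omitted); the /bin/bash node
# is repeated on purpose, as the page renders it.
SAMPLE_TREE = r"""
• /bin/sh
  sh -c "sudo /bin/zsh -c \"/Users/run/7d61305f71019d81228a422486e4fba613ebb277\""
  1⤵
  PID:504
• /bin/bash
  sh -c "sudo /bin/zsh -c \"/Users/run/7d61305f71019d81228a422486e4fba613ebb277\""
  1⤵
  PID:504
• /bin/bash
  sh -c "sudo /bin/zsh -c \"/Users/run/7d61305f71019d81228a422486e4fba613ebb277\""
  1⤵
  PID:504
• /usr/bin/sudo
  sudo /bin/zsh -c /Users/run/7d61305f71019d81228a422486e4fba613ebb277
  1⤵
  PID:504
• /bin/zsh
  /bin/zsh -c /Users/run/7d61305f71019d81228a422486e4fba613ebb277
  2⤵
  PID:505
• /Users/run/7d61305f71019d81228a422486e4fba613ebb277
  /Users/run/7d61305f71019d81228a422486e4fba613ebb277
  2⤵
  PID:505
• /usr/bin/dirname
  dirname /Users/run/7d61305f71019d81228a422486e4fba613ebb277
  3⤵
  PID:511
• /usr/bin/rev
  rev
  1⤵
  PID:510
"""

@dataclass
class Process:
    pid: int
    depth: int
    images: list = field(default_factory=list)    # exec chain inside this PID, in order
    cmdlines: list = field(default_factory=list)
    children: list = field(default_factory=list)

def parse_entries(text):
    """One dict per listed node: image, cmdline, depth, pid."""
    entries, cur = [], None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if m := ENTRY_RE.match(line):
            cur = {"image": m.group(1), "cmdline": None, "depth": None, "pid": None}
            entries.append(cur)
        elif cur is None:
            raise ValueError(f"field before first entry: {line!r}")
        elif m := DEPTH_RE.match(line):
            cur["depth"] = int(m.group(1))
        elif m := PID_RE.match(line):
            cur["pid"] = int(m.group(1))
        elif cur["cmdline"] is None:
            cur["cmdline"] = line
        else:
            raise ValueError(f"unexpected line in entry {cur['image']}: {line!r}")
    return entries

def build_tree(entries):
    """Merge consecutive nodes sharing PID and depth into one process (its exec chain),
    drop exact repeats, and attach each process to the last one seen a level shallower."""
    roots, procs, last_at_depth = [], [], {}
    for e in entries:
        if procs and (procs[-1].pid, procs[-1].depth) == (e["pid"], e["depth"]):
            p = procs[-1]
            if (p.images[-1], p.cmdlines[-1]) == (e["image"], e["cmdline"]):
                continue  # repeated node, not a second exec
        else:
            p = Process(e["pid"], e["depth"])
            procs.append(p)
            parent = last_at_depth.get(e["depth"] - 1)
            (parent.children if parent else roots).append(p)
            last_at_depth[e["depth"]] = p
        p.images.append(e["image"])
        p.cmdlines.append(e["cmdline"])
    return roots

def walk(roots):
    """Depth-first iteration over every process in the tree."""
    for p in roots:
        yield p
        yield from walk(p.children)

def sudo_pids(roots):
    """PIDs whose exec chain passed through sudo; everything beneath them was spawned via sudo."""
    return [p.pid for p in walk(roots) if "/usr/bin/sudo" in p.images]
```

Calling `build_tree(parse_entries(SAMPLE_TREE))` yields two top-level processes (504 and 510): PID 504 carries the chain /bin/sh → /bin/bash → /usr/bin/sudo with the repeated bash node dropped, PID 505 (zsh, then the target file itself) hangs beneath it, PID 511 (dirname) beneath 505, and `sudo_pids` returns `[504]`. A node whose PID matches the previous one but whose image or command line differs is kept as a new exec step, which is what distinguishes the re-exec of the target through zsh from the page's duplicated rendering.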

Network

MITRE ATT&CK Matrix
