60505a1da31bf78ce7d12109f6bc4e4032e1f95805f73b8f85d6750557920300

General

Target

Discord Modification.py
Size

43KB
MD5

47649d90815906743050756028c9e3db
SHA1

0c76063008a031e79ccfa089cd0e8feec6bef30f
SHA256

60505a1da31bf78ce7d12109f6bc4e4032e1f95805f73b8f85d6750557920300
SHA512

a0df6aa7bea50578b4ded02ba4ba9d738c12c47f93a725e3294dcb075f9daf16525ef25d7264ab55f98bc19badbe9a8675549aff1e358c410bbedf684ab29d1b
SSDEEP

768:SvRD7vHsg0gZMyapuAeUo0kULB2tq7uRfzjKxoD3nnwQx9idk6c2V7:S5nR0SCpSvbUF2k7cfzmgnwi9irhV7

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Discord Modification.py\""
1⤵
PID:505

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Discord Modification.py\""
1⤵
PID:505

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Discord Modification.py\""
1⤵
PID:505

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/Discord Modification.py"
1⤵
PID:505

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/Discord Modification.py"
1⤵
PID:505

/bin/zsh
/bin/zsh -c "/Users/run/Discord Modification.py"
2⤵
PID:507

/bin/zsh
/bin/zsh -c "/Users/run/Discord Modification.py"
2⤵
PID:507

/Users/run/Discord
/Users/run/Discord Modification.py
2⤵
PID:507

/Users/run/Discord
/Users/run/Discord Modification.py
2⤵
PID:507

/usr/sbin/spctl
/usr/sbin/spctl --status
1⤵
PID:506

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:508

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:509

/usr/local/bin/pip
pip install
1⤵
PID:539

/usr/local/bin/pip
pip install
1⤵
PID:539

/usr/bin/pip
pip install
1⤵
PID:539

/usr/bin/pip
pip install
1⤵
PID:539

/bin/pip
pip install
1⤵
PID:539

/bin/pip
pip install
1⤵
PID:539

/usr/sbin/pip
pip install
1⤵
PID:539

/usr/sbin/pip
pip install
1⤵
PID:539

/sbin/pip
pip install
1⤵
PID:539

/sbin/pip
pip install
1⤵
PID:539

/usr/local/bin/brea
brea
1⤵
PID:540

/usr/local/bin/brea
brea
1⤵
PID:540

/usr/bin/brea
brea
1⤵
PID:540

/usr/bin/brea
brea
1⤵
PID:540

/bin/brea
brea
1⤵
PID:540

/bin/brea
brea
1⤵
PID:540

/usr/sbin/brea
brea
1⤵
PID:540

/usr/sbin/brea
brea
1⤵
PID:540

/sbin/brea
brea
1⤵
PID:540

/sbin/brea
brea
1⤵
PID:540

/usr/local/bin/brew
brew
1⤵
PID:541

/usr/local/bin/brew
brew
1⤵
PID:541

/usr/bin/readlink
readlink /usr/local/bin/brew
1⤵
PID:546

/usr/bin/readlink
readlink /usr/local/bin/brew
1⤵
PID:546

/usr/bin/dirname
dirname ../Homebrew/bin/brew
1⤵
PID:548

/usr/bin/dirname
dirname ../Homebrew/bin/brew
1⤵
PID:548

/usr/bin/readlink
readlink /usr/local/bin/brew
1⤵
PID:551

/usr/bin/readlink
readlink /usr/local/bin/brew
1⤵
PID:551

/usr/bin/dirname
dirname ../Homebrew/bin/brew
1⤵
PID:553

/usr/bin/dirname
dirname ../Homebrew/bin/brew
1⤵
PID:553

/usr/bin/env
/usr/bin/env -i "HOME=/Users/run" "SHELL=/bin/zsh" "PATH=/usr/bin:/bin:/usr/sbin:/sbin" "TERM=xterm-256color" "LOGNAME=run" "USER=run" "SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.HZDkUXq143/Listeners" "HOMEBREW_BREW_FILE=/usr/local/bin/brew" "HOMEBREW_LIBRARY=/usr/local/Homebrew/Library" "HOMEBREW_PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin" "HOMEBREW_PREFIX=/usr/local" "HOMEBREW_REPOSITORY=/usr/local/Homebrew" /bin/bash /usr/local/Homebrew/Library/Homebrew/brew.sh
1⤵
PID:541

/usr/bin/env
/usr/bin/env -i "HOME=/Users/run" "SHELL=/bin/zsh" "PATH=/usr/bin:/bin:/usr/sbin:/sbin" "TERM=xterm-256color" "LOGNAME=run" "USER=run" "SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.HZDkUXq143/Listeners" "HOMEBREW_BREW_FILE=/usr/local/bin/brew" "HOMEBREW_LIBRARY=/usr/local/Homebrew/Library" "HOMEBREW_PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin" "HOMEBREW_PREFIX=/usr/local" "HOMEBREW_REPOSITORY=/usr/local/Homebrew" /bin/bash /usr/local/Homebrew/Library/Homebrew/brew.sh
1⤵
PID:541

/bin/bash
/bin/bash /usr/local/Homebrew/Library/Homebrew/brew.sh
1⤵
PID:541

/bin/bash
/bin/bash /usr/local/Homebrew/Library/Homebrew/brew.sh
1⤵
PID:541

/usr/bin/uname
uname -m
2⤵
PID:554

/usr/bin/uname
uname -m
2⤵
PID:554

/usr/bin/uname
uname -s
2⤵
PID:555

/usr/bin/uname
uname -s
2⤵
PID:555

/usr/bin/locale
locale charmap
2⤵
PID:556

/usr/bin/locale
locale charmap
2⤵
PID:556

/usr/bin/sw_vers
/usr/bin/sw_vers -productVersion
2⤵
PID:577

/usr/bin/sw_vers
/usr/bin/sw_vers -productVersion
2⤵
PID:577

/usr/bin/id
id -u
2⤵
PID:613

/usr/bin/id
id -u
2⤵
PID:613

/bin/cat
cat /usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby-version
2⤵
PID:671

/bin/cat
cat /usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby-version
2⤵
PID:671

/usr/bin/readlink
readlink /usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/current
2⤵
PID:672

/usr/bin/readlink
readlink /usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/current
2⤵
PID:672

/usr/local/Homebrew/Library/Homebrew/shims/shared/git
/usr/local/Homebrew/Library/Homebrew/shims/shared/git -C /usr/local/Homebrew describe --tags --dirty "--abbrev=7"
1⤵
PID:559

/usr/local/Homebrew/Library/Homebrew/shims/shared/git
/usr/local/Homebrew/Library/Homebrew/shims/shared/git -C /usr/local/Homebrew describe --tags --dirty "--abbrev=7"
1⤵
PID:559

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:565

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:565

/usr/bin/xcode-select
/usr/bin/xcode-select -print-path
1⤵
PID:568

/usr/bin/xcode-select
/usr/bin/xcode-select -print-path
1⤵
PID:568

/usr/bin/xcrun
/usr/bin/xcrun -find git
1⤵
PID:570

/usr/bin/xcrun
/usr/bin/xcrun -find git
1⤵
PID:570

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:573

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:573

/Library/Developer/CommandLineTools/usr/bin/git
/Library/Developer/CommandLineTools/usr/bin/git -C /usr/local/Homebrew describe --tags --dirty "--abbrev=7"
1⤵
PID:559

/Library/Developer/CommandLineTools/usr/bin/git
/Library/Developer/CommandLineTools/usr/bin/git -C /usr/local/Homebrew describe --tags --dirty "--abbrev=7"
1⤵
PID:559

/usr/local/Homebrew/Library/Homebrew/shims/shared/curl
/usr/local/Homebrew/Library/Homebrew/shims/shared/curl --version
1⤵
PID:579

/usr/local/Homebrew/Library/Homebrew/shims/shared/curl
/usr/local/Homebrew/Library/Homebrew/shims/shared/curl --version
1⤵
PID:579

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:586

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:586

/usr/bin/curl
/usr/bin/curl --version
1⤵
PID:579

/usr/bin/curl
/usr/bin/curl --version
1⤵
PID:579

/usr/bin/xcode-select
/usr/bin/xcode-select --print-path
1⤵
PID:591

/usr/bin/xcode-select
/usr/bin/xcode-select --print-path
1⤵
PID:591

/usr/bin/xcrun
/usr/bin/xcrun clang
1⤵
PID:593

/usr/bin/xcrun
/usr/bin/xcrun clang
1⤵
PID:593

/Library/Developer/CommandLineTools/usr/bin/clang
/Library/Developer/CommandLineTools/usr/bin/clang
1⤵
PID:593

/Library/Developer/CommandLineTools/usr/bin/clang
/Library/Developer/CommandLineTools/usr/bin/clang
1⤵
PID:593

/usr/local/Homebrew/Library/Homebrew/shims/shared/git
/usr/local/Homebrew/Library/Homebrew/shims/shared/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.devcmdrun
1⤵
PID:595

/usr/local/Homebrew/Library/Homebrew/shims/shared/git
/usr/local/Homebrew/Library/Homebrew/shims/shared/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.devcmdrun
1⤵
PID:595

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:601

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:601

/usr/bin/xcode-select
/usr/bin/xcode-select -print-path
1⤵
PID:604

/usr/bin/xcode-select
/usr/bin/xcode-select -print-path
1⤵
PID:604

/usr/bin/xcrun
/usr/bin/xcrun -find git
1⤵
PID:606

/usr/bin/xcrun
/usr/bin/xcrun -find git
1⤵
PID:606

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:609

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:609

/Library/Developer/CommandLineTools/usr/bin/git
/Library/Developer/CommandLineTools/usr/bin/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.devcmdrun
1⤵
PID:595

/Library/Developer/CommandLineTools/usr/bin/git
/Library/Developer/CommandLineTools/usr/bin/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.devcmdrun
1⤵
PID:595

/usr/local/Homebrew/Library/Homebrew/shims/shared/git
/usr/local/Homebrew/Library/Homebrew/shims/shared/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.analyticsmessage
1⤵
PID:615

/usr/local/Homebrew/Library/Homebrew/shims/shared/git
/usr/local/Homebrew/Library/Homebrew/shims/shared/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.analyticsmessage
1⤵
PID:615

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:621

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:621

/usr/bin/xcode-select
/usr/bin/xcode-select -print-path
1⤵
PID:624

/usr/bin/xcode-select
/usr/bin/xcode-select -print-path
1⤵
PID:624

/usr/bin/xcrun
/usr/bin/xcrun -find git
1⤵
PID:626

/usr/bin/xcrun
/usr/bin/xcrun -find git
1⤵
PID:626

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:629

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:629

/Library/Developer/CommandLineTools/usr/bin/git
/Library/Developer/CommandLineTools/usr/bin/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.analyticsmessage
1⤵
PID:615

/Library/Developer/CommandLineTools/usr/bin/git
/Library/Developer/CommandLineTools/usr/bin/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.analyticsmessage
1⤵
PID:615

/usr/local/Homebrew/Library/Homebrew/shims/shared/git
/usr/local/Homebrew/Library/Homebrew/shims/shared/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.analyticsdisabled
1⤵
PID:634

/usr/local/Homebrew/Library/Homebrew/shims/shared/git
/usr/local/Homebrew/Library/Homebrew/shims/shared/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.analyticsdisabled
1⤵
PID:634

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:640

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:640

/usr/bin/xcode-select
/usr/bin/xcode-select -print-path
1⤵
PID:643

/usr/bin/xcode-select
/usr/bin/xcode-select -print-path
1⤵
PID:643

/usr/bin/xcrun
/usr/bin/xcrun -find git
1⤵
PID:645

/usr/bin/xcrun
/usr/bin/xcrun -find git
1⤵
PID:645

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:648

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:648

/Library/Developer/CommandLineTools/usr/bin/git
/Library/Developer/CommandLineTools/usr/bin/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.analyticsdisabled
1⤵
PID:634

/Library/Developer/CommandLineTools/usr/bin/git
/Library/Developer/CommandLineTools/usr/bin/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.analyticsdisabled
1⤵
PID:634

/usr/local/Homebrew/Library/Homebrew/shims/shared/git
/usr/local/Homebrew/Library/Homebrew/shims/shared/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.analyticsuuid
1⤵
PID:653

/usr/local/Homebrew/Library/Homebrew/shims/shared/git
/usr/local/Homebrew/Library/Homebrew/shims/shared/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.analyticsuuid
1⤵
PID:653

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:659

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:659

/usr/bin/xcode-select
/usr/bin/xcode-select -print-path
1⤵
PID:662

/usr/bin/xcode-select
/usr/bin/xcode-select -print-path
1⤵
PID:662

/usr/bin/xcrun
/usr/bin/xcrun -find git
1⤵
PID:664

/usr/bin/xcrun
/usr/bin/xcrun -find git
1⤵
PID:664

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:667

/usr/bin/tr
tr "[:upper:]" "[:lower:]"
1⤵
PID:667

/Library/Developer/CommandLineTools/usr/bin/git
/Library/Developer/CommandLineTools/usr/bin/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.analyticsuuid
1⤵
PID:653

/Library/Developer/CommandLineTools/usr/bin/git
/Library/Developer/CommandLineTools/usr/bin/git config "--file=/usr/local/Homebrew/.git/config" --get homebrew.analyticsuuid
1⤵
PID:653

/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/current/bin/ruby
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/current/bin/ruby -W1 "--disable=rubyopt" /usr/local/Homebrew/Library/Homebrew/brew.rb
1⤵
PID:541

/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/current/bin/ruby
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/current/bin/ruby -W1 "--disable=rubyopt" /usr/local/Homebrew/Library/Homebrew/brew.rb
1⤵
PID:541

/usr/sbin/sysctl
/usr/sbin/sysctl -n hw.cputype
2⤵
PID:673

/usr/sbin/sysctl
/usr/sbin/sysctl -n hw.cputype
2⤵
PID:673

/bin/sh
sh -c "python3.7 --version 2>&1"
2⤵
PID:674

/bin/sh
sh -c "python3.7 --version 2>&1"
2⤵
PID:674

/bin/bash
sh -c "python3.7 --version 2>&1"
2⤵
PID:674

/bin/bash
sh -c "python3.7 --version 2>&1"
2⤵
PID:674

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads