Analysis

  • max time kernel
    148s
  • max time network
    141s
  • platform
    macos_amd64
  • resource
    macos-20220504-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20220504-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    15/01/2023, 20:15

General

  • Target

    Authorize.auz

  • Size

    55KB

  • MD5

    8a681d9b459d2c65a03b8e305eb59966

  • SHA1

    58d2a60643ab2fcd96e725ea80f2957add5ce1d3

  • SHA256

    a79413b947b1d724bb55ac134bb37147a7ddc6e9c28e8c0397aeea91b75010ae

  • SHA512

    277f4bff7a9378425de669883fd115312da61e491fcade03c6d29e9e35ec38c54b2065906dd54957b77d1074896cc19f2db956c475c8b28cbfb10c2b94139f36

  • SSDEEP

    1536:LLuDiMdcmHgXRAckjBms48bx2m5tEJ93I:Q5RoiM4

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --status
    1⤵
      PID:498
  • /usr/sbin/spctl
    /usr/sbin/spctl --test-devid-status
    1⤵
      PID:501
  • /usr/bin/syslog
    /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
    1⤵
      PID:502
  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/Authorize.auz\""
    1⤵
      PID:503
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/Authorize.auz\""
    1⤵
      PID:503
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/Authorize.auz
    1⤵
      PID:503
    • /bin/zsh
      /bin/zsh -c /Users/run/Authorize.auz
      2⤵
        PID:506
    • /Users/run/Authorize.auz
      /Users/run/Authorize.auz
      2⤵
        PID:506
    • /bin/sh
      sh /Users/run/Authorize.auz
      2⤵
        PID:506
    • /bin/bash
      sh /Users/run/Authorize.auz
      2⤵
        PID:506
  • /usr/bin/login
    login -pf run
    1⤵
      PID:997
    • /bin/zsh
      -zsh
      2⤵
        PID:998
      • /usr/libexec/path_helper
        /usr/libexec/path_helper -s
        3⤵
          PID:999
      • /usr/bin/locale
        locale LC_CTYPE
        3⤵
          PID:1000

Network

MITRE ATT&CK Matrix

Downloads

  • /private/var/run/utmpx

    Filesize

    3KB

    MD5

    8712a745648798ed9660f1c65f289152

    SHA1

    268b05dea52a9c1b6c06af0f3a57b6165e5b6ffa

    SHA256

    cbae328ffd971c17fa0e19de4205d14a5ea842f7cbe9c4f0101af86cfcb70100

    SHA512

    cf063dfd2096fca2d1a21a2748838914795b51917fd13882c8355c0bec44f1b6863c4a8eeed658dbeed580a232ee38a83b1e83eddeaffc17cde610eac2518fe7
