104fb56f9ab08ca262b6b50b7cb8246aaf7678bcbfaf866da2656205fddb40f6 | Triage

Submit
Reports

Overview

overview

1

Static

static

1

Payload/Ze...roller

macos-10.15-amd64

1

Payload/Ze...bImage

macos-10.15-amd64

1

Payload/Ze.../Zebra

macos-10.15-amd64

1

Payload/Ze...s.html

windows7-x64

1

Payload/Ze...s.html

windows10-2004-x64

1

Payload/Ze...min.js

windows7-x64

1

Payload/Ze...min.js

windows10-2004-x64

1

Payload/Ze...n.html

windows7-x64

1

Payload/Ze...n.html

windows10-2004-x64

1

Analysis

max time kernel
144s
max time network
152s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
07-03-2023 00:02

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

Payload/Zebra.app/Frameworks/LNPopupController.framework/LNPopupController

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payload/Zebra.app/Frameworks/SDWebImage.framework/SDWebImage

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

Payload/Zebra.app/Zebra

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

Payload/Zebra.app/installed_files.html

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral5

Sample

Payload/Zebra.app/installed_files.html

Resource

win10v2004-20230220-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral6

Sample

Payload/Zebra.app/ios7.min.js

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

Payload/Zebra.app/ios7.min.js

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Payload/Zebra.app/package_depiction.html

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral9

Sample

Payload/Zebra.app/package_depiction.html

Resource

win10v2004-20230221-en

windows10-2004-x64

5 signatures

150 seconds

Report Analysis Logs

General

Target

Payload/Zebra.app/Zebra
Size

37.4MB
MD5

5800317a35140301e4d8bfd4f5eb075d
SHA1

6081e8402eb08e0fc90fbe232b4272ecd266b205
SHA256

eb3f02c4f5848d38f06f02dc64bc7c1f377a8b99d66350183b5c6f7126044bd9
SHA512

6187adef85f802a2c70b5244424fe0ceff0d83938d1e07ce9920400e9a2f51a81482a18c17b8acd3d2da44aa6f0acc86561b2a47cbaedd23639cc398b8b6c2f0
SSDEEP

786432:15Sz0fEL6qUopfDO1KhFbdt3V3dnnRKLe31Ejig71sGYG2mLOtiWqZe5DgukI8HN:tyr

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Payload/Zebra.app/Zebra\""
1⤵
PID:516

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Payload/Zebra.app/Zebra\""
1⤵
PID:516

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Payload/Zebra.app/Zebra\""
1⤵
PID:516

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Payload/Zebra.app/Zebra
1⤵
PID:516

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Payload/Zebra.app/Zebra
1⤵
PID:516
- /bin/zsh
  /bin/zsh -c /Users/run/Payload/Zebra.app/Zebra
  2⤵
  PID:517
- /bin/zsh
  /bin/zsh -c /Users/run/Payload/Zebra.app/Zebra
  2⤵
  PID:517
- /Users/run/Payload/Zebra.app/Zebra
  /Users/run/Payload/Zebra.app/Zebra
  2⤵
  PID:517
- /Users/run/Payload/Zebra.app/Zebra
  /Users/run/Payload/Zebra.app/Zebra
  2⤵
  PID:517

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy