Overview

overview

1

Static

static

1

a665cd40ef...36.zip

macos-10.15-amd64

1

Payload/XA...2x.png

macos-10.15-amd64

1

Payload/XA...lt.png

macos-10.15-amd64

1

Payload/XA...2x.png

macos-10.15-amd64

1

Payload/XA....plist

macos-10.15-amd64

1

Payload/XA...kgInfo

macos-10.15-amd64

1

Payload/XA....plist

macos-10.15-amd64

1

Payload/XA...gs.png

macos-10.15-amd64

1

Payload/XA...XAgent

macos-10.15-amd64

1

Payload/XA....xcent

macos-10.15-amd64

1

Payload/XA...es.xml

macos-10.15-amd64

1

Payload/XA...trings

macos-10.15-amd64

1

Payload/XA...-3.nib

macos-10.15-amd64

1

Payload/XA....plist

macos-10.15-amd64

1

Payload/XA...-2.nib

macos-10.15-amd64

1

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    macos_amd64
  • resource
    macos-20220504-en
  • resource tags

    arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    17-03-2023 11:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist

  • Size

    231B

  • MD5

    41db55ce39f74832e4bed282663885f0

  • SHA1

    1cfa294da88a76b633d45457220b1bf2efd79b45

  • SHA256

    06d816b38bf161e59e1fda335e7ca2ca7711a210b674d10a62e5bcd53b75632f

  • SHA512

    1fd78d1f9b12a4f197d698e23558fc4810b99a74b61ae3a916edacb7f4312f6ccd334857634aaa61a913442b7db1d75b87739b7a3eb59f42a309a1211b47ba43

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --test-devid-status
    1⤵
      PID:490
    • /usr/bin/syslog
      /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
      1⤵
        PID:491
      • /bin/sh
        sh -c "sudo /bin/zsh -c \"/Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist\""
        1⤵
          PID:492
        • /bin/bash
          sh -c "sudo /bin/zsh -c \"/Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist\""
          1⤵
            PID:492
          • /bin/bash
            sh -c "sudo /bin/zsh -c \"/Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist\""
            1⤵
              PID:492
            • /usr/bin/sudo
              sudo /bin/zsh -c /Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist
              1⤵
                PID:492
              • /usr/bin/sudo
                sudo /bin/zsh -c /Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist
                1⤵
                  PID:492
                  • /bin/zsh
                    /bin/zsh -c /Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist
                    2⤵
                      PID:496
                    • /bin/zsh
                      /bin/zsh -c /Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist
                      2⤵
                        PID:496
                      • /Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist
                        /Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist
                        2⤵
                          PID:496
                        • /Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist
                          /Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist
                          2⤵
                            PID:496
                          • /bin/sh
                            sh /Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist
                            2⤵
                              PID:496
                            • /bin/sh
                              sh /Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist
                              2⤵
                                PID:496
                              • /bin/bash
                                sh /Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist
                                2⤵
                                  PID:496
                                • /bin/bash
                                  sh /Users/run/Payload/XAgent.app/en.lproj/MainStoryboard.storyboardc/Info.plist
                                  2⤵
                                    PID:496

                                Network

                                MITRE ATT&CK Matrix

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads