Overview

overview

1

Static

static

1

TL_mcl.dmg

macos-10.15-amd64

1

Analysis

  • max time kernel
    149s
  • max time network
    135s
  • platform
    macos_amd64
  • resource
    macos-20220504-en
  • resource tags

    arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    19-03-2023 01:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TL_mcl.dmg

  • Size

    84.6MB

  • MD5

    bf196ee9798908ac206b029b4a66c0d0

  • SHA1

    346eabda54ddbf603b67e6a4d5a5be0c601d82a6

  • SHA256

    5abf121b7f1ac178154bd966aab93d51697c6b7e7f5b23bf86945c2fdd81d3db

  • SHA512

    da166794d2a338b8e62f4fb7b5f770bd605494c55173a6dfdefd341a3d2b76ad4ed899c6f96018e69d5d9d6b368cdbe2573d8e1ee6738174f35b5bd3f94374a8

  • SSDEEP

    1572864:f205yDEgRFEi1wGg/NjpU5MnpWpZinQaE9Vzz+yi6bDz:u05yDEgw0d2NjpUenpoQn1E9typ6fz

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"open /Volumes/TL\\ for\\ Mc-launcher.com/TL\\ for\\ Mc-launcher.com.app\""
    1⤵
      PID:527
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"open /Volumes/TL\\ for\\ Mc-launcher.com/TL\\ for\\ Mc-launcher.com.app\""
      1⤵
        PID:527
      • /bin/bash
        sh -c "sudo /bin/zsh -c \"open /Volumes/TL\\ for\\ Mc-launcher.com/TL\\ for\\ Mc-launcher.com.app\""
        1⤵
          PID:527
        • /usr/bin/sudo
          sudo /bin/zsh -c "open /Volumes/TL\\ for\\ Mc-launcher.com/TL\\ for\\ Mc-launcher.com.app"
          1⤵
            PID:527
          • /usr/bin/sudo
            sudo /bin/zsh -c "open /Volumes/TL\\ for\\ Mc-launcher.com/TL\\ for\\ Mc-launcher.com.app"
            1⤵
              PID:527
              • /bin/zsh
                /bin/zsh -c "open /Volumes/TL\\ for\\ Mc-launcher.com/TL\\ for\\ Mc-launcher.com.app"
                2⤵
                  PID:528
                • /bin/zsh
                  /bin/zsh -c "open /Volumes/TL\\ for\\ Mc-launcher.com/TL\\ for\\ Mc-launcher.com.app"
                  2⤵
                    PID:528
                  • /usr/bin/open
                    open "/Volumes/TL for Mc-launcher.com/TL for Mc-launcher.com.app"
                    2⤵
                      PID:528
                    • /usr/bin/open
                      open "/Volumes/TL for Mc-launcher.com/TL for Mc-launcher.com.app"
                      2⤵
                        PID:528
                    • /usr/libexec/xpcproxy
                      xpcproxy ru.turikhay.tlauncher.mcl.2300
                      1⤵
                        PID:531
                      • /Volumes/TL for Mc-launcher.com/TL for Mc-launcher.com.app/Contents/MacOS/TL
                        "/Volumes/TL for Mc-launcher.com/TL for Mc-launcher.com.app/Contents/MacOS/TL"
                        1⤵
                          PID:531
                        • /usr/libexec/xpcproxy
                          xpcproxy com.apple.tailspind
                          1⤵
                            PID:539
                          • /usr/libexec/tailspind
                            /usr/libexec/tailspind
                            1⤵
                              PID:539
                            • /usr/libexec/xpcproxy
                              xpcproxy com.apple.spindump
                              1⤵
                                PID:542
                              • /usr/sbin/spindump
                                /usr/sbin/spindump
                                1⤵
                                  PID:542
                                • /usr/libexec/xpcproxy
                                  xpcproxy com.apple.spindump_agent
                                  1⤵
                                    PID:543
                                  • /usr/libexec/spindump_agent
                                    /usr/libexec/spindump_agent
                                    1⤵
                                      PID:543

                                    Network

                                    MITRE ATT&CK Matrix

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • /private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/hsperfdata_run/531
                                      Filesize

                                      32KB

                                      MD5

                                      bb7df04e1b0a2570657527a7e108ae23

                                      SHA1

                                      5188431849b4613152fd7bdba6a3ff0a4fd6424b

                                      SHA256

                                      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

                                      SHA512

                                      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

                                      Download Submit