Overview

overview

1

Static

static

1

3e4bbd2175...bd8c79

macos-10.15-amd64

1

Analysis

  • max time kernel
    120s
  • max time network
    151s
  • platform
    macos_amd64
  • resource
    macos-20220504-en
  • resource tags

    arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    16-04-2023 02:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79

  • Size

    402KB

  • MD5

    abf01633960dd77c6137175a21fccf34

  • SHA1

    2d15286d25f0e0938823dcd742bc928e78199b3d

  • SHA256

    3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79

  • SHA512

    4929d96033de0ecbb5a2356f12dc8e1cbf1a4d9659bb3c30005b55e8691981176e7162672b250ff1a8008e8dbdf4272df2a8d7fd0b7f03a6069df64f87ea01c3

  • SSDEEP

    6144:dsjtmdjmg8o3TMkdSFKvrhWmc/aa/YxyPy0y5ykyPpelPyrO8BrGd2//ryj4hqq1:dsj0dApBS3lPy7nn24cq1g+bKpbIfp

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --status
    1⤵
      PID:498
    • /usr/sbin/spctl
      /usr/sbin/spctl --test-devid-status
      1⤵
        PID:500
      • /bin/sh
        sh -c "sudo /bin/zsh -c \"/Users/run/3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79\""
        1⤵
          PID:499
        • /bin/bash
          sh -c "sudo /bin/zsh -c \"/Users/run/3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79\""
          1⤵
            PID:499
          • /bin/bash
            sh -c "sudo /bin/zsh -c \"/Users/run/3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79\""
            1⤵
              PID:499
            • /usr/bin/sudo
              sudo /bin/zsh -c /Users/run/3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
              1⤵
                PID:499
              • /usr/bin/sudo
                sudo /bin/zsh -c /Users/run/3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
                1⤵
                  PID:499
                  • /bin/zsh
                    /bin/zsh -c /Users/run/3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
                    2⤵
                      PID:517
                    • /bin/zsh
                      /bin/zsh -c /Users/run/3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
                      2⤵
                        PID:517
                      • /Users/run/3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
                        /Users/run/3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
                        2⤵
                          PID:517
                        • /Users/run/3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
                          /Users/run/3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
                          2⤵
                            PID:517
                        • /usr/bin/syslog
                          /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
                          1⤵
                            PID:501
                          • ./3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
                            ./3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
                            1⤵
                              PID:522
                            • ./3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
                              ./3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
                              1⤵
                                PID:522
                              • /bin/ls
                                ls
                                1⤵
                                  PID:530
                                • /bin/ls
                                  ls
                                  1⤵
                                    PID:530
                                  • /usr/libexec/xpcproxy
                                    xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
                                    1⤵
                                      PID:539
                                    • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                                      /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                                      1⤵
                                        PID:539
                                      • /bin/ls
                                        ls -al
                                        1⤵
                                          PID:541
                                        • /bin/ls
                                          ls -al
                                          1⤵
                                            PID:541
                                          • /usr/bin/file
                                            file 3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
                                            1⤵
                                              PID:542
                                            • /usr/bin/file
                                              file 3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
                                              1⤵
                                                PID:542

                                              Network

                                              MITRE ATT&CK Matrix

                                              Replay Monitor

                                              Loading Replay Monitor...

                                              Downloads