Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
151s -
platform
macos_amd64 -
resource
macos-20220504-en -
resource tags
arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system -
submitted
19/04/2023, 14:30
Static task
static1
Behavioral task
behavioral1
Sample
.appodeal2
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
.appodeal2
Resource
win10-20230220-en
Behavioral task
behavioral3
Sample
.appodeal2
Resource
win10v2004-20230220-en
Behavioral task
behavioral4
Sample
.appodeal2
Resource
android-x86-arm-20220823-en
Behavioral task
behavioral5
Sample
.appodeal2
Resource
android-x64-20220823-en
Behavioral task
behavioral6
Sample
.appodeal2
Resource
android-x64-arm64-20220823-en
Behavioral task
behavioral7
Sample
.appodeal2
Resource
macos-20220504-en
General
-
Target
.appodeal2
-
Size
61B
-
MD5
48742fdde3c2dc53140013e20cb98005
-
SHA1
a2b00f933245cee3ea6ea434ebbbe4d284d6c21e
-
SHA256
66bfc31be4cbd656d62a2bebe38c6ffdf9095eb87e69fe81e797cedcba9d159a
-
SHA512
03ffdc64ff6c5d7c455d25771f8ab9c70dbd8a60478512775679d1f37d41b1f47927466b4f06f6f9487d2523ba8128f75a6c6780c46946f0e99dc605d0f21436
Malware Config
Signatures
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/.appodeal2\""1⤵PID:506
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/.appodeal2\""1⤵PID:506
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/.appodeal2\""1⤵PID:506
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/.appodeal21⤵PID:506
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/.appodeal21⤵PID:506
-
/bin/zsh/bin/zsh -c /Users/run/.appodeal22⤵PID:512
-
-
/bin/zsh/bin/zsh -c /Users/run/.appodeal22⤵PID:512
-
-
/Users/run/.appodeal2/Users/run/.appodeal22⤵PID:512
-
-
/Users/run/.appodeal2/Users/run/.appodeal22⤵PID:512
-
-
/bin/shsh /Users/run/.appodeal22⤵PID:512
-
-
/bin/shsh /Users/run/.appodeal22⤵PID:512
-
-
/bin/bashsh /Users/run/.appodeal22⤵PID:512
-
-
/bin/bashsh /Users/run/.appodeal22⤵PID:512
-
-
/usr/sbin/spctl/usr/sbin/spctl --status1⤵PID:505
-
/usr/sbin/spctl/usr/sbin/spctl --test-devid-status1⤵PID:514
-
/usr/bin/syslog/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"1⤵PID:515