a5f489c22c1c51c14ed6f3fff2bbf1f0105400ac70329d22953680b73d892888

General

Target

virus/virus4mg.vcf
Size

4.6MB
MD5

15b44890bd9665ae6d721fff116ddce7
SHA1

7b0d72c96439cb0f4238d8ee74f2d7fa073781eb
SHA256

63edc352d373d87ad0b6ddded1542a8b97d6e5ccb89719e3e8347f285dc3801e
SHA512

4e5e0f51ae0639409f78ad356ff8397cd8bf34000e07c663df26e5aa77603d04609fbfbb4d24338a7744d05bfdf547e9140ad456839d6a9ad4d9ca723005055d
SSDEEP

1536:kzKB2v0D09ABKB2v0D09AbWTyNmwwUVoP6T7TQD8CFYn0lmpgCl2vmLC9NwFKtyd:kC6

Score

1^/10

Malware Config

Signatures

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:495

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/virus/virus4mg.vcf\""
1⤵
PID:496

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/virus/virus4mg.vcf\""
1⤵
PID:496

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/virus/virus4mg.vcf\""
1⤵
PID:496

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/virus/virus4mg.vcf
1⤵
PID:496

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/virus/virus4mg.vcf
1⤵
PID:496
- /bin/zsh
  /bin/zsh -c /Users/run/virus/virus4mg.vcf
  2⤵
  PID:510
- /bin/zsh
  /bin/zsh -c /Users/run/virus/virus4mg.vcf
  2⤵
  PID:510
- /Users/run/virus/virus4mg.vcf
  /Users/run/virus/virus4mg.vcf
  2⤵
  PID:510
- /Users/run/virus/virus4mg.vcf
  /Users/run/virus/virus4mg.vcf
  2⤵
  PID:510
- /bin/sh
  sh /Users/run/virus/virus4mg.vcf
  2⤵
  PID:510
- /bin/sh
  sh /Users/run/virus/virus4mg.vcf
  2⤵
  PID:510
- /bin/bash
  sh /Users/run/virus/virus4mg.vcf
  2⤵
  PID:510
- /bin/bash
  sh /Users/run/virus/virus4mg.vcf
  2⤵
  PID:510

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:497

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.2140
1⤵
PID:23925

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
1⤵
PID:23925

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountProfileRemoteViewService 23925
1⤵
PID:24063

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
1⤵
PID:24063

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:24071

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:24073

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:24074

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:24075

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:24076

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:24088

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:24088

/usr/libexec/xpcproxy
xpcproxy com.apple.preferences.softwareupdate.remoteservice 23925
1⤵
PID:24525

/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice
/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice
1⤵
PID:24525

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:25992

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:26542

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:26542

/bin/sh
sh -c /usr/sbin/kextstat
1⤵
PID:33928

/bin/bash
sh -c /usr/sbin/kextstat
1⤵
PID:33928

/bin/bash
sh -c /usr/sbin/kextstat
1⤵
PID:33928

/usr/sbin/kextstat
/usr/sbin/kextstat
1⤵
PID:33928

/usr/sbin/kextstat
/usr/sbin/kextstat
1⤵
PID:33928

/usr/libexec/xpcproxy
xpcproxy com.apple.newsyslog
1⤵
PID:33946

/usr/sbin/newsyslog
/usr/sbin/newsyslog
1⤵
PID:33946

/usr/libexec/xpcproxy
xpcproxy com.apple.diagnosticd
1⤵
PID:33947

/usr/libexec/diagnosticd
/usr/libexec/diagnosticd
1⤵
PID:33947

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Caches/.dat.nosync5d75.4JcUFI

Filesize
288KB

MD5
ce9032fc27dc24f38c40c4116b2aec09

SHA1
617bf0e6e5838af3740393cedbf38307b7248371

SHA256
7bff5dd79349e4e42419a9f1720119cc19767df0ec1bedd6fada6a28a8be3749

SHA512
a1883e330fd3483da59388e16da1f392af2174170700093f213a1b218f3d04ae9b1d3f6d3bc9ebeb69324440de414f7a92b92739e98e5880f3b7b078b9676af1

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.studentd/TemporaryItems/(A Document Being Saved By studentd)/isConnected

Filesize
9B

MD5
2ec0d16e4ca169baedb9b2d50ec5c6d7

SHA1
c2f9b7b4897f03f94abf92294c9ca46fea62360b

SHA256
22965568d22a14ee17af055d2870b50afcfe9fd94a83eec3196e266932297bb2

SHA512
22f8e80d23c6110fb42017d8f48db768acb5ed4c1a9153bdfc50f8fb0561dd4dc9267efcb9b88bf772200d7fb46c4c19bd86aec41432c12b52ba286729339334

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads