452320f3b1da42b30c32ea5ab5887983b575638ceb4e3beacfefbbb3b0510a48 | Triage

Submit
Reports

Overview

overview

4

Static

static

3

ExtPack-license.html

windows7-x64

1

ExtPack-license.html

windows10-2004-x64

1

ExtPack-license.rtf

windows7-x64

4

ExtPack-license.rtf

windows10-2004-x64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd...eR0.r0

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

linux.amd6...cam.so

ubuntu-18.04-amd64

1

linux.amd6...eR0.r0

ubuntu-18.04-amd64

1

linux.amd6...eR3.so

ubuntu-18.04-amd64

1

linux.amd6...pto.so

ubuntu-18.04-amd64

1

linux.amd6...ain.so

ubuntu-18.04-amd64

1

linux.amd6...nVM.so

ubuntu-18.04-amd64

1

linux.amd6...rR3.so

ubuntu-18.04-amd64

1

linux.amd6...mR3.so

ubuntu-18.04-amd64

1

linux.amd6...RDP.so

ubuntu-18.04-amd64

1

linux.amd6...ypt.so

ubuntu-18.04-amd64

1

Analysis

max time kernel
126s
max time network
155s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
24/05/2023, 04:42

Sharing

Copy URL Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ExtPack-license.html

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

ExtPack-license.html

Resource

win10v2004-20230220-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

ExtPack-license.rtf

Resource

win7-20230220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

ExtPack-license.rtf

Resource

win10v2004-20230220-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

darwin.amd64/VBoxHostWebcam.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

darwin.amd64/VBoxNvmeR0.r0

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

darwin.amd64/VBoxNvmeR3.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

darwin.amd64/VBoxPuelCrypto.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

darwin.amd64/VBoxPuelMain.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

darwin.amd64/VBoxPuelMainVM.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

darwin.amd64/VBoxUsbCardReaderR3.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

darwin.amd64/VBoxUsbWebcamR3.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

darwin.amd64/VBoxVRDP.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

darwin.amd64/VDPluginCrypt.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

darwin.arm64/VBoxNvmeR3.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

darwin.arm64/VBoxPuelCrypto.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

darwin.arm64/VBoxPuelMain.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

darwin.arm64/VBoxPuelMainVM.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

darwin.arm64/VBoxUsbCardReaderR3.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

darwin.arm64/VBoxUsbWebcamR3.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

darwin.arm64/VBoxVRDP.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

darwin.arm64/VDPluginCrypt.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

linux.amd64/VBoxHostWebcam.so

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

linux.amd64/VBoxNvmeR0.r0

Resource

ubuntu1804-amd64-20221125-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

linux.amd64/VBoxNvmeR3.so

Resource

ubuntu1804-amd64-20221111-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

linux.amd64/VBoxPuelCrypto.so

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

linux.amd64/VBoxPuelMain.so

Resource

ubuntu1804-amd64-20221111-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

linux.amd64/VBoxPuelMainVM.so

Resource

ubuntu1804-amd64-20221125-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

linux.amd64/VBoxUsbCardReaderR3.so

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

linux.amd64/VBoxUsbWebcamR3.so

Resource

ubuntu1804-amd64-20221125-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

linux.amd64/VBoxVRDP.so

Resource

ubuntu1804-amd64-20221111-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

linux.amd64/VDPluginCrypt.so

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

darwin.amd64/VBoxVRDP.dylib
Size

865KB
MD5

c540f60458663442ae330d30ddc03a13
SHA1

063da3cbf1601da709158885dc2793a344cc338a
SHA256

80b4d4f30dad250ca7b777c19c6ee101e958ec5a7a18ab69383bb4b05f2727e5
SHA512

89fba9b3f20e2e961ffcd4fb9cdb2fba085ee21e202c2b4d61f532fdcd0a2e12c049f0f323c137c18d28e7c0efd4ec1d501e0dcf093bde8abbba5f904ea53929
SSDEEP

12288:Fk6gS3q5Vfq45kswrwEI5jvCGypHDKbN9g6NUGCDfK/+LkkdGJh7vQEJJnrDBuuX:Fn4VfqQ6H03

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/darwin.amd64/VBoxVRDP.dylib\""
1⤵
PID:518

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/darwin.amd64/VBoxVRDP.dylib\""
1⤵
PID:518

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/darwin.amd64/VBoxVRDP.dylib\""
1⤵
PID:518

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/darwin.amd64/VBoxVRDP.dylib
1⤵
PID:518

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/darwin.amd64/VBoxVRDP.dylib
1⤵
PID:518
- /bin/zsh
  /bin/zsh -c /Users/run/darwin.amd64/VBoxVRDP.dylib
  2⤵
  PID:519
- /bin/zsh
  /bin/zsh -c /Users/run/darwin.amd64/VBoxVRDP.dylib
  2⤵
  PID:519
- /Users/run/darwin.amd64/VBoxVRDP.dylib
  /Users/run/darwin.amd64/VBoxVRDP.dylib
  2⤵
  PID:519
- /Users/run/darwin.amd64/VBoxVRDP.dylib
  /Users/run/darwin.amd64/VBoxVRDP.dylib
  2⤵
  PID:519

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy