452320f3b1da42b30c32ea5ab5887983b575638ceb4e3beacfefbbb3b0510a48 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

3

ExtPack-license.html

windows7-x64

1

ExtPack-license.html

windows10-2004-x64

1

ExtPack-license.rtf

windows7-x64

4

ExtPack-license.rtf

windows10-2004-x64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd...eR0.r0

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.amd....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

darwin.arm....dylib

macos-10.15-amd64

1

linux.amd6...cam.so

ubuntu-18.04-amd64

1

linux.amd6...eR0.r0

ubuntu-18.04-amd64

1

linux.amd6...eR3.so

ubuntu-18.04-amd64

1

linux.amd6...pto.so

ubuntu-18.04-amd64

1

linux.amd6...ain.so

ubuntu-18.04-amd64

1

linux.amd6...nVM.so

ubuntu-18.04-amd64

1

linux.amd6...rR3.so

ubuntu-18.04-amd64

1

linux.amd6...mR3.so

ubuntu-18.04-amd64

1

linux.amd6...RDP.so

ubuntu-18.04-amd64

1

linux.amd6...ypt.so

ubuntu-18.04-amd64

1

Analysis

max time kernel
140s
max time network
138s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
24/05/2023, 04:42

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ExtPack-license.html

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

ExtPack-license.html

Resource

win10v2004-20230220-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

ExtPack-license.rtf

Resource

win7-20230220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

ExtPack-license.rtf

Resource

win10v2004-20230220-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

darwin.amd64/VBoxHostWebcam.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

darwin.amd64/VBoxNvmeR0.r0

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

darwin.amd64/VBoxNvmeR3.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

darwin.amd64/VBoxPuelCrypto.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

darwin.amd64/VBoxPuelMain.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

darwin.amd64/VBoxPuelMainVM.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

darwin.amd64/VBoxUsbCardReaderR3.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

darwin.amd64/VBoxUsbWebcamR3.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

darwin.amd64/VBoxVRDP.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

darwin.amd64/VDPluginCrypt.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

darwin.arm64/VBoxNvmeR3.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

darwin.arm64/VBoxPuelCrypto.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

darwin.arm64/VBoxPuelMain.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

darwin.arm64/VBoxPuelMainVM.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

darwin.arm64/VBoxUsbCardReaderR3.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

darwin.arm64/VBoxUsbWebcamR3.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

darwin.arm64/VBoxVRDP.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

darwin.arm64/VDPluginCrypt.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

linux.amd64/VBoxHostWebcam.so

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

linux.amd64/VBoxNvmeR0.r0

Resource

ubuntu1804-amd64-20221125-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

linux.amd64/VBoxNvmeR3.so

Resource

ubuntu1804-amd64-20221111-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

linux.amd64/VBoxPuelCrypto.so

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

linux.amd64/VBoxPuelMain.so

Resource

ubuntu1804-amd64-20221111-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

linux.amd64/VBoxPuelMainVM.so

Resource

ubuntu1804-amd64-20221125-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

linux.amd64/VBoxUsbCardReaderR3.so

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

linux.amd64/VBoxUsbWebcamR3.so

Resource

ubuntu1804-amd64-20221125-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

linux.amd64/VBoxVRDP.so

Resource

ubuntu1804-amd64-20221111-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

linux.amd64/VDPluginCrypt.so

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

darwin.arm64/VBoxPuelCrypto.dylib
Size

86KB
MD5

6159543124ee7d19dabaff1cb953ed72
SHA1

f2baf94a2c93944975b59c84a87fa2150e9d9b49
SHA256

778aa514a9517a0b04459aa46faf195c523b4b33b54e171ebe8f71ebe8a1e827
SHA512

8e5612dbfd339a80ec70cbd8bd36d600a0d210355bfe06a5fd7a1e28b016625e18aa71c3375dd056ad2a630f9926ac83b9a28a896a86e1c0611cf67b24ddbbc2
SSDEEP

768:RYsa5QoP/sazMZmJ6ozI2BDFo8v4FDab8:OQoXsYMZuXdBDFoG4NK

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/darwin.arm64/VBoxPuelCrypto.dylib\""
1⤵
PID:513

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/darwin.arm64/VBoxPuelCrypto.dylib\""
1⤵
PID:513

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/darwin.arm64/VBoxPuelCrypto.dylib\""
1⤵
PID:513

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/darwin.arm64/VBoxPuelCrypto.dylib
1⤵
PID:513

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/darwin.arm64/VBoxPuelCrypto.dylib
1⤵
PID:513
- /bin/zsh
  /bin/zsh -c /Users/run/darwin.arm64/VBoxPuelCrypto.dylib
  2⤵
  PID:514
- /bin/zsh
  /bin/zsh -c /Users/run/darwin.arm64/VBoxPuelCrypto.dylib
  2⤵
  PID:514
- /Users/run/darwin.arm64/VBoxPuelCrypto.dylib
  /Users/run/darwin.arm64/VBoxPuelCrypto.dylib
  2⤵
  PID:514
- /Users/run/darwin.arm64/VBoxPuelCrypto.dylib
  /Users/run/darwin.arm64/VBoxPuelCrypto.dylib
  2⤵
  PID:514

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:525

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:525

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy