560495fa1481406b9ac378514576a174b7e8142afcd76dbb5174e758228f224f | Triage

Submit
Reports

Overview

overview

7

Static

static

7

Keygen.exe

macos-10.15-amd64

1

out.exe

macos-10.15-amd64

1

Keygen.exe

macos-10.15-amd64

1

out.exe

macos-10.15-amd64

1

TBIView/keyhh.exe

macos-10.15-amd64

1

TBIView/setupdrv.exe

macos-10.15-amd64

1

TBIView/tbimsc.exe

macos-10.15-amd64

1

TBIView/tbiview.exe

macos-10.15-amd64

1

TBIView/tbiview64.exe

macos-10.15-amd64

1

TBIView/tbiviewa.exe

macos-10.15-amd64

1

TeraByteDrive.exe

macos-10.15-amd64

1

TeraByteDrivex64.exe

macos-10.15-amd64

1

Tlibr16.dll

macos-10.15-amd64

bartpe.exe

macos-10.15-amd64

1

bingburn.exe

macos-10.15-amd64

1

burncdcc.exe

macos-10.15-amd64

1

buylink.htm

macos-10.15-amd64

1

contextbackup.cmd

macos-10.15-amd64

1

keyhh.exe

macos-10.15-amd64

1

partinfg.exe

macos-10.15-amd64

1

partinfg64.exe

macos-10.15-amd64

1

phylock/ph...2k.exe

macos-10.15-amd64

1

phylock/ph...nt.exe

macos-10.15-amd64

1

phylock/ph...10.exe

macos-10.15-amd64

1

phylock/ph...64.exe

macos-10.15-amd64

1

phylock/ph...w7.exe

macos-10.15-amd64

1

phylock/ph...64.exe

macos-10.15-amd64

1

phylock/ph...64.exe

macos-10.15-amd64

1

phylock/ph...xp.exe

macos-10.15-amd64

1

phylock/readme.txt

macos-10.15-amd64

1

Analysis

max time kernel
66s
max time network
150s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
30/05/2023, 10:08

Sharing

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Keygen.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

out.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

Keygen.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

out.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

TBIView/keyhh.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

TBIView/setupdrv.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

TBIView/tbimsc.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

TBIView/tbiview.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

TBIView/tbiview64.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

TBIView/tbiviewa.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

TeraByteDrive.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

TeraByteDrivex64.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Tlibr16.dll

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

bartpe.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

bingburn.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

burncdcc.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

buylink.htm

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

contextbackup.cmd

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

keyhh.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

partinfg.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

partinfg64.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

phylock/phylock.2k.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

phylock/phylock.nt.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

phylock/phylock.w10.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

phylock/phylock.w10.x64.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

phylock/phylock.w7.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

phylock/phylock.w7.x64.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

phylock/phylock.x64.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

phylock/phylock.xp.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

phylock/readme.txt

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

phylock/phylock.xp.exe
Size

37KB
MD5

65bbf9e84096b57ea97e103cf10e2198
SHA1

32dcb762d60268e8f1efbe915fc47982849b6973
SHA256

e57df5b57e5c75f597dc7401c51aa5079eb2f94b0da197c00a82cd2263ac8981
SHA512

9224fca587b3fc916879e47257edcd4afecf93b9e2da6291042bd9b6b60042dec76b7043855500f56a2bef952cdf88aba8ee51e01f21a0ea10b91f04301d08b2
SSDEEP

768:8tDTrwbYA7RynK1rs53IHH0Kg38MocAhd:8twRynK1wJi0BV/Ahd

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/phylock/phylock.xp.exe\""
1⤵
PID:499

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/phylock/phylock.xp.exe\""
1⤵
PID:499

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/phylock/phylock.xp.exe\""
1⤵
PID:499

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/phylock/phylock.xp.exe
1⤵
PID:499

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/phylock/phylock.xp.exe
1⤵
PID:499
- /bin/zsh
  /bin/zsh -c /Users/run/phylock/phylock.xp.exe
  2⤵
  PID:519
- /bin/zsh
  /bin/zsh -c /Users/run/phylock/phylock.xp.exe
  2⤵
  PID:519
- /Users/run/phylock/phylock.xp.exe
  /Users/run/phylock/phylock.xp.exe
  2⤵
  PID:519
- /Users/run/phylock/phylock.xp.exe
  /Users/run/phylock/phylock.xp.exe
  2⤵
  PID:519

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy