Analysis Overview
SHA256
4dcb5d42f6a37cb000de14de346978fa3a9f6a8cd4e41aaec3a15534cc726a1d
Threat Level: Likely benign
The file Darkside.zip.zip was found to be: Likely benign.
Malicious Activity Summary
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-06-02 10:03
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-06-02 10:03
Reported
2023-06-02 10:03
Platform
macos-20220504-en
Max time kernel
5s
Max time network
10s
Command Line
Signatures
Processes
/usr/sbin/spctl
[/usr/sbin/spctl --test-devid-status]
/usr/bin/syslog
[/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature assessments enabled com.apple.message.signature2 devid enabled Message Gatekeeper state assessments enabled/devid enabled]
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Darkside.exe"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Darkside.exe"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Darkside.exe"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Darkside.exe]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Darkside.exe]
/bin/zsh
[/bin/zsh -c /Users/run/Darkside.exe]
/bin/zsh
[/bin/zsh -c /Users/run/Darkside.exe]
/Users/run/Darkside.exe
[/Users/run/Darkside.exe]
/Users/run/Darkside.exe
[/Users/run/Darkside.exe]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | e673.dsce9.akamaiedge.net | udp |
| US | 2.16.118.172:443 | | tcp |
| US | 8.8.8.8:53 | 27-courier.push.apple.com | udp |