Malware Analysis Report

2024-10-16 03:28

Sample ID 230602-l3hb5sah65
Target Darkside.zip.zip
SHA256 4dcb5d42f6a37cb000de14de346978fa3a9f6a8cd4e41aaec3a15534cc726a1d
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

4dcb5d42f6a37cb000de14de346978fa3a9f6a8cd4e41aaec3a15534cc726a1d

Threat Level: Likely benign

The file Darkside.zip.zip was found to be: Likely benign.

Malicious Activity Summary


Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-06-02 10:03

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-06-02 10:03

Reported

2023-06-02 10:03

Platform

macos-20220504-en

Max time kernel

5s

Max time network

10s

Command Line

[/usr/sbin/spctl --test-devid-status]

Signatures

N/A

Processes

/usr/sbin/spctl

[/usr/sbin/spctl --test-devid-status]

/usr/bin/syslog

[/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature assessments enabled com.apple.message.signature2 devid enabled Message Gatekeeper state assessments enabled/devid enabled]

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Darkside.exe"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Darkside.exe"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Darkside.exe"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Darkside.exe]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Darkside.exe]

/bin/zsh

[/bin/zsh -c /Users/run/Darkside.exe]

/bin/zsh

[/bin/zsh -c /Users/run/Darkside.exe]

/Users/run/Darkside.exe

[/Users/run/Darkside.exe]

/Users/run/Darkside.exe

[/Users/run/Darkside.exe]

Network

Country Destination Domain Proto
US 8.8.8.8:53 19-courier.push.apple.com udp
US 8.8.8.8:53 e673.dsce9.akamaiedge.net udp
US 2.16.118.172:443 tcp
US 8.8.8.8:53 27-courier.push.apple.com udp

Files

N/A