4dcb5d42f6a37cb000de14de346978fa3a9f6a8cd4e41aaec3a15534cc726a1d

Analysis

max time kernel
230s
max time network
232s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
03-06-2023 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Darkside.exe
Size

59KB
MD5

cfcfb68901ffe513e9f0d76b17d02f96
SHA1

766b30e5a37d1bc8d8fe5c7cacc314504a44ac1f
SHA256

17139a10fd226d01738fe9323918614aa913b2a50e1a516e95cced93fa151c61
SHA512

0d26fa9478f4626107e38c570d1bae1049b744181cf0395d95fb07675575ca393d88d4783bf31bdf11bef1da5648a5a53a6d95b21492f96b4de35c0ec323ae0c
SSDEEP

768:9jjV7Iax7F3DS4/S96/P3rsAc4ci5pwwX5+R4VYY23W5:vx7Fu4/i6/P3rlckx5+R4VDZ5

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Darkside.exe\""
1⤵
PID:508

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Darkside.exe\""
1⤵
PID:508

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Darkside.exe\""
1⤵
PID:508

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:507

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Darkside.exe
1⤵
PID:508

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Darkside.exe
1⤵
PID:508

/bin/zsh
/bin/zsh -c /Users/run/Darkside.exe
2⤵
PID:510

/bin/zsh
/bin/zsh -c /Users/run/Darkside.exe
2⤵
PID:510

/Users/run/Darkside.exe
/Users/run/Darkside.exe
2⤵
PID:510

/Users/run/Darkside.exe
/Users/run/Darkside.exe
2⤵
PID:510

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:509

/usr/libexec/xpcproxy
xpcproxy com.apple.AppStore.1900
1⤵
PID:539

/System/Applications/App Store.app/Contents/MacOS/App Store
"/System/Applications/App Store.app/Contents/MacOS/App Store"
1⤵
PID:539

/usr/libexec/xpcproxy
xpcproxy com.apple.storeuid
1⤵
PID:540

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
1⤵
PID:540

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 539
1⤵
PID:542

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:542

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:543

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:543

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:546

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:546

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.2D8090A7-90D8-40F4-A982-2BD4252DC695 539
1⤵
PID:548

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:548

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:550

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:550

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Containers/com.apple.AppStore/Data/Library/Caches/com.apple.AppStore/HSTS.plist
Filesize
298B

MD5
0663d3f531e9dc06d135949a7d6893a4

SHA1
95fa5bc3c71e5344ead39d37c6a21450c4b79ffd

SHA256
89b37affd73799652e9c270028fdca6412080326c30bc36c32d34fb59f0b7475

SHA512
d91009b45242864ce7a81d0e47d8e8973549038f4a6485e78b86c7092eea926eec5fec3af7c0aece486e991b4dadea5a376ad76eb5d51ae7e205ba3fba8b282f

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression
Filesize
422KB

MD5
73597525cab8c18f11d7165aa88e000f

SHA1
08f9fa26879c6feac2c32ca540e932c3b798cef0

SHA256
c6dae0a36220849ed3bc2b6301f3696557fdb00490a6d8a2cf812b38df29e574

SHA512
6b6ef5046f88293e191c9bfa1801d62d5a12e34285be2bf425552518f042785a93d2df5d0de44997e88b4de8e72714364ffe7b065d8cd601e321a1b476b1a840

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression.tmp
Filesize
422KB

MD5
73597525cab8c18f11d7165aa88e000f

SHA1
08f9fa26879c6feac2c32ca540e932c3b798cef0

SHA256
c6dae0a36220849ed3bc2b6301f3696557fdb00490a6d8a2cf812b38df29e574

SHA512
6b6ef5046f88293e191c9bfa1801d62d5a12e34285be2bf425552518f042785a93d2df5d0de44997e88b4de8e72714364ffe7b065d8cd601e321a1b476b1a840

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression
Filesize
27.9MB

MD5
a222ca013922f544cfda1508f284cdb1

SHA1
64a487da05788b375968c8fae4732f4b287cf131

SHA256
f51eff5e279ba09379c4cc2840605664d9d235e0eed0301a736b18a8ed310c57

SHA512
7c2ae34902dd0057e61fd771dae48d526998842389059e0a79a85de3a62315579381473aa17aff1b6bb6edefdd91c61c69d79efdcf36b05fafb656c0da139359

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression.tmp
Filesize
27.9MB

MD5
a222ca013922f544cfda1508f284cdb1

SHA1
64a487da05788b375968c8fae4732f4b287cf131

SHA256
f51eff5e279ba09379c4cc2840605664d9d235e0eed0301a736b18a8ed310c57

SHA512
7c2ae34902dd0057e61fd771dae48d526998842389059e0a79a85de3a62315579381473aa17aff1b6bb6edefdd91c61c69d79efdcf36b05fafb656c0da139359

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression
Filesize
142KB

MD5
75fc2da6f7b44fd2b046510c01983793

SHA1
fef2c0589c46542bf2a55756911b3062c34fce61

SHA256
71a1e63e0001924c7f7bd795e53594b302fe2eddb39b2fef3faff66e46e4e5e0

SHA512
6dac387d353b327009cb89afdff2c3f44f325305b0393132d48df45eeb63bba999911153f4ff7333a282f0ad2d123367469468ebd09259162f9fdfd4df411693

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression.tmp
Filesize
142KB

MD5
75fc2da6f7b44fd2b046510c01983793

SHA1
fef2c0589c46542bf2a55756911b3062c34fce61

SHA256
71a1e63e0001924c7f7bd795e53594b302fe2eddb39b2fef3faff66e46e4e5e0

SHA512
6dac387d353b327009cb89afdff2c3f44f325305b0393132d48df45eeb63bba999911153f4ff7333a282f0ad2d123367469468ebd09259162f9fdfd4df411693

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.WebKit.WebContent.Sandbox/CompiledSandbox+I1q2HjXwBhU_U59j0Gp2AcT9aI-SwaDMdcQzS7VmCg4
Filesize
48KB

MD5
47b17ccb45bc4e6c3acd3c2309ba82c6

SHA1
4195604ce1f8144f6f7b7e1b643fd8c888207555

SHA256
dd5b987e7988d6458db2937871b215f87d56531e479101001035e2b848aecbe1

SHA512
abe479a0650b319183982e45b1e5d67552c1623d661441fdcc791a26d8469137bb9aabe7cbaad186ace62ef7a0c05eea0c106ecf43ed73cb5c126ce8bd18a0b7

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.appstore/com.apple.scriptmanager2.le.cache
Filesize
18KB

MD5
1d8e1388683dc96ed97907efcce83fda

SHA1
561fdf03a98032baaeb7bc214fd6fc2712ba42b0

SHA256
a6be2b32f120066646a50b537477f2d359d7013851f123146cb9b6a7a1371e8c

SHA512
70a1e99dad32b200eb26ad78e6433b3e9e052355ada3a3ad1cb6c644c1a0513e593ccd89ef8b9b305013b37f3f850f049d787677878f412d23fb517147c18c98

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.appstore/mds/mdsDirectory.db
Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.appstore/mds/mdsDirectory.db
Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.appstore/mds/mdsDirectory.db_
Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.appstore/mds/mdsObject.db
Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.appstore/mds/mdsObject.db_
Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db
Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db
Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db_
Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db
Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db_
Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.AppStore/TemporaryItems/(A Document Being Saved By App Store)/sap-setup-cert.txt
Filesize
2KB

MD5
fc9f826f89b00b4f7fdce0bc9831370e

SHA1
357b3c8b4e30dd4927c1bba9200f1d0d0b54e3b6

SHA256
4d8deea49240223b7d6ef9d4dbdaacec8a20901f41131d72931860bd2dd0db73

SHA512
715521e288483783d33d3dd81f9768fdd707cbc9d588e3caf0b626fb0b113e06bd01f5d010188a62486cde2c5ca07c3aa3ee4421eb018a89c9ab1648b386f142

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads