80aefa570c4adbcb039045228d649bcf2a4ac15aa7cfa20fda89cdc48bf967a2 | Triage

Submit
Reports

Overview

overview

3

Static

static

1

preloaded_data.pb

windows7-x64

3

preloaded_data.pb

windows10-1703-x64

3

preloaded_data.pb

windows10-2004-x64

3

preloaded_data.pb

android-10-x64

preloaded_data.pb

android-11-x64

preloaded_data.pb

android-9-x86

preloaded_data.pb

macos-10.15-amd64

1

preloaded_data.pb

debian-9-armhf

preloaded_data.pb

debian-9-mips

preloaded_data.pb

debian-9-mipsel

preloaded_data.pb

ubuntu-18.04-amd64

Analysis

max time kernel
358s
max time network
1200s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
04/06/2023, 09:44

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

preloaded_data.pb

Resource

win7-20230220-en

windows7-x64

4 signatures

1200 seconds

Behavioral task

behavioral2

Sample

preloaded_data.pb

Resource

win10-20230220-en

windows10-1703-x64

3 signatures

1200 seconds

Behavioral task

behavioral3

Sample

preloaded_data.pb

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

1200 seconds

Behavioral task

behavioral4

Sample

preloaded_data.pb

Resource

android-x64-20220823-en

android-10-x64

0 signatures

1200 seconds

Behavioral task

behavioral5

Sample

preloaded_data.pb

Resource

android-x64-arm64-20220823-en

android-11-x64

0 signatures

1200 seconds

Behavioral task

behavioral6

Sample

preloaded_data.pb

Resource

android-x86-arm-20220823-en

android-9-x86

0 signatures

1200 seconds

Behavioral task

behavioral7

Sample

preloaded_data.pb

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

1200 seconds

Behavioral task

behavioral8

Sample

preloaded_data.pb

Resource

debian9-armhf-20221125-en

debian-9-armhf

0 signatures

1200 seconds

Behavioral task

behavioral9

Sample

preloaded_data.pb

Resource

debian9-mipsbe-en-20211208

debian-9-mips

0 signatures

1200 seconds

Behavioral task

behavioral10

Sample

preloaded_data.pb

Resource

debian9-mipsel-20221111-en

debian-9-mipsel

0 signatures

1200 seconds

Behavioral task

behavioral11

Sample

preloaded_data.pb

Resource

ubuntu1804-amd64-20221125-en

ubuntu-18.04-amd64

0 signatures

1200 seconds

Report Analysis Logs

General

Target

preloaded_data.pb
Size

7KB
MD5

b4fe2db97a16fe084dcf2f90cd5d6a58
SHA1

fa035cef292f4f2c09c9bdead81f225ee981d52c
SHA256

80aefa570c4adbcb039045228d649bcf2a4ac15aa7cfa20fda89cdc48bf967a2
SHA512

dbcc8685e17897fc9f10fa435bdcbf31de4485651cb51982d4fd60dd5737c0f5351a8d9d03105038e0d8ec756f140401fd0242278dd915e4ad23d58dfb9c6265
SSDEEP

192:euxit79Ct2VyF1iww3I1dqvRYwwj6ILMqxs4:3xWCayF1R7Hj6ILMw

Score

1^/10

Malware Config

Signatures

Processes

/usr/sbin/spctl
/usr/sbin/spctl --status
1⤵
PID:489

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/preloaded_data.pb\""
1⤵
PID:490

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/preloaded_data.pb\""
1⤵
PID:490

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/preloaded_data.pb\""
1⤵
PID:490

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/preloaded_data.pb
1⤵
PID:490

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/preloaded_data.pb
1⤵
PID:490
- /bin/zsh
  /bin/zsh -c /Users/run/preloaded_data.pb
  2⤵
  PID:491
- /bin/zsh
  /bin/zsh -c /Users/run/preloaded_data.pb
  2⤵
  PID:491
- /Users/run/preloaded_data.pb
  /Users/run/preloaded_data.pb
  2⤵
  PID:491
- /Users/run/preloaded_data.pb
  /Users/run/preloaded_data.pb
  2⤵
  PID:491
- /bin/sh
  sh /Users/run/preloaded_data.pb
  2⤵
  PID:491
- /bin/sh
  sh /Users/run/preloaded_data.pb
  2⤵
  PID:491
- /bin/bash
  sh /Users/run/preloaded_data.pb
  2⤵
  PID:491
- /bin/bash
  sh /Users/run/preloaded_data.pb
  2⤵
  PID:491

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:492

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:493

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:522

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:522

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:544

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:544

/usr/libexec/xpcproxy
xpcproxy com.apple.diagnosticd
1⤵
PID:545

/usr/libexec/diagnosticd
/usr/libexec/diagnosticd
1⤵
PID:545

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy