48f60e2bd1c641612d26d1c27b22fd50aa0826e780b4c57e5e1cc4133d687085 | Triage

Submit
Reports

Overview

overview

1

Static

static

1

76D0E2D1-8...0F.jpg

macos-10.15-amd64

1

Analysis

max time kernel
196s
max time network
205s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
12/06/2023, 17:58

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

76D0E2D1-89A3-42BD-85BD-20B448B7EA0F.jpg

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

76D0E2D1-89A3-42BD-85BD-20B448B7EA0F.jpg
Size

337KB
MD5

222e62c1bb38ee43fead12d9e5918a9f
SHA1

534c8f981755680a065510a1b8de836d2b66db0b
SHA256

48f60e2bd1c641612d26d1c27b22fd50aa0826e780b4c57e5e1cc4133d687085
SHA512

c7eeab8c7b9454a4cc6772dae93cfa5aa4d71229f95cee97ce36aaeda1978d829cfc12af927831225f2ffa29eee27aaa0a9901e2addc9f08781b7b2b043aa931
SSDEEP

6144:r/ZSTzRccDbb8cCurrFcbSJFmv+SMOQ5VPnnorTLNzG2rjS5FMkm64as/0N5Vxs:r/ZaRB8cCu3ybSJFc+/OYnaTLxDu34aO

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/76D0E2D1-89A3-42BD-85BD-20B448B7EA0F.jpg\""
1⤵
PID:496

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/76D0E2D1-89A3-42BD-85BD-20B448B7EA0F.jpg\""
1⤵
PID:496

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/76D0E2D1-89A3-42BD-85BD-20B448B7EA0F.jpg\""
1⤵
PID:496

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/76D0E2D1-89A3-42BD-85BD-20B448B7EA0F.jpg
1⤵
PID:496

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/76D0E2D1-89A3-42BD-85BD-20B448B7EA0F.jpg
1⤵
PID:496
- /bin/zsh
  /bin/zsh -c /Users/run/76D0E2D1-89A3-42BD-85BD-20B448B7EA0F.jpg
  2⤵
  PID:506
- /bin/zsh
  /bin/zsh -c /Users/run/76D0E2D1-89A3-42BD-85BD-20B448B7EA0F.jpg
  2⤵
  PID:506
- /Users/run/76D0E2D1-89A3-42BD-85BD-20B448B7EA0F.jpg
  /Users/run/76D0E2D1-89A3-42BD-85BD-20B448B7EA0F.jpg
  2⤵
  PID:506
- /Users/run/76D0E2D1-89A3-42BD-85BD-20B448B7EA0F.jpg
  /Users/run/76D0E2D1-89A3-42BD-85BD-20B448B7EA0F.jpg
  2⤵
  PID:506

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:507

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:509

/bin/ls
ls
1⤵
PID:534

/bin/ls
ls
1⤵
PID:534

/usr/local/bin/dir
dir
1⤵
PID:535

/usr/local/bin/dir
dir
1⤵
PID:535

/usr/bin/dir
dir
1⤵
PID:535

/usr/bin/dir
dir
1⤵
PID:535

/bin/dir
dir
1⤵
PID:535

/bin/dir
dir
1⤵
PID:535

/usr/sbin/dir
dir
1⤵
PID:535

/usr/sbin/dir
dir
1⤵
PID:535

/sbin/dir
dir
1⤵
PID:535

/sbin/dir
dir
1⤵
PID:535

/bin/ls
ls
1⤵
PID:536

/bin/ls
ls
1⤵
PID:536

/usr/local/bin/scan
scan
1⤵
PID:537

/usr/local/bin/scan
scan
1⤵
PID:537

/usr/bin/scan
scan
1⤵
PID:537

/usr/bin/scan
scan
1⤵
PID:537

/bin/scan
scan
1⤵
PID:537

/bin/scan
scan
1⤵
PID:537

/usr/sbin/scan
scan
1⤵
PID:537

/usr/sbin/scan
scan
1⤵
PID:537

/sbin/scan
scan
1⤵
PID:537

/sbin/scan
scan
1⤵
PID:537

/usr/local/bin/help
help
1⤵
PID:538

/usr/local/bin/help
help
1⤵
PID:538

/usr/bin/help
help
1⤵
PID:538

/usr/bin/help
help
1⤵
PID:538

/bin/help
help
1⤵
PID:538

/bin/help
help
1⤵
PID:538

/usr/sbin/help
help
1⤵
PID:538

/usr/sbin/help
help
1⤵
PID:538

/sbin/help
help
1⤵
PID:538

/sbin/help
help
1⤵
PID:538

/usr/local/bin/virusscan
virusscan
1⤵
PID:540

/usr/local/bin/virusscan
virusscan
1⤵
PID:540

/usr/bin/virusscan
virusscan
1⤵
PID:540

/usr/bin/virusscan
virusscan
1⤵
PID:540

/bin/virusscan
virusscan
1⤵
PID:540

/bin/virusscan
virusscan
1⤵
PID:540

/usr/sbin/virusscan
virusscan
1⤵
PID:540

/usr/sbin/virusscan
virusscan
1⤵
PID:540

/sbin/virusscan
virusscan
1⤵
PID:540

/sbin/virusscan
virusscan
1⤵
PID:540

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:555

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:555

/usr/bin/login
login -pfq run /usr/bin/ssh -p 22 tests-iMac.local.
1⤵
PID:559

/usr/bin/login
login -pfq run /usr/bin/ssh -p 22 tests-iMac.local.
1⤵
PID:559
- /usr/bin/ssh
  -ssh -p 22 tests-iMac.local.
  2⤵
  PID:560
- /usr/bin/ssh
  -ssh -p 22 tests-iMac.local.
  2⤵
  PID:560

/usr/libexec/xpcproxy
xpcproxy com.openssh.sshd.815E7ADA-F420-4E3D-8CB3-5CF03DDCA1D1
1⤵
PID:561

/usr/libexec/sshd-keygen-wrapper
/usr/sbin/sshd -i
1⤵
PID:561

/usr/sbin/sshd
/usr/sbin/sshd -i
1⤵
PID:561

/usr/sbin/sshd
/usr/sbin/sshd -i
1⤵
PID:561

/usr/libexec/xpcproxy
xpcproxy com.openssh.ssh-agent
1⤵
PID:564

/usr/bin/ssh-agent
/usr/bin/ssh-agent -l
1⤵
PID:564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/.ssh/known_hosts

Filesize
179B

MD5
9c335b6cc394c73e6725a8f64919fadf

SHA1
ccb371aa963ada89fbfb22eb825330855c3c88e6

SHA256
6675685837bade5ac984e66a139cef23e6fab85dfe77d4fd9cffc6bc4b72735f

SHA512
74a810c92ce096ae8efc134b7044e94e0f2b230727e3adc598f2f0aed74dfcddc35c2530a82eec85ffd1917c6f96fae6db5ff98b28ea7aabcb896072a04f9c42

Download Submit

© 2018-2025

Terms | Privacy