e26048c37d1cada2e883222798add42ea2c3a15216af0800e25c9f3569e6c4f7

Resubmissions

30/06/2023, 21:30

230630-1ck3nsfg9s 1

30/06/2023, 21:28

230630-1bqlrseg54 1

Analysis

max time kernel
49s
max time network
44s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
30/06/2023, 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mcbot-main.zip
Size

3.9MB
MD5

f8791f090a814e87b45741794c29b9b0
SHA1

8cdfbfd8d25ab1a31d6193fb707d686cad6fc6dc
SHA256

e26048c37d1cada2e883222798add42ea2c3a15216af0800e25c9f3569e6c4f7
SHA512

02b076ae7edc49d4c209395d0be131dbfe699f7c0f338cad00550eb23fd626e792b9e8e2555fc7131690c9866a41be55da40b33af0f48b1a869ae97ceef16a18
SSDEEP

98304:wCkZ4Mp/g8GXOn+vnk/kI2k8RpIZrXdCq++/vID+pqxHml:EZ5N+vnk/k5VyNb7vpf

Score

1^/10

Malware Config

Signatures

/usr/sbin/spctl
/usr/sbin/spctl --status
1⤵
PID:501

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:502

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:503

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/mcbot-main.zip\""
1⤵
PID:504

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/mcbot-main.zip\""
1⤵
PID:504

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/mcbot-main.zip\""
1⤵
PID:504

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/mcbot-main.zip
1⤵
PID:504

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/mcbot-main.zip
1⤵
PID:504
- /bin/zsh
  /bin/zsh -c /Users/run/mcbot-main.zip
  2⤵
  PID:512
- /bin/zsh
  /bin/zsh -c /Users/run/mcbot-main.zip
  2⤵
  PID:512
- /Users/run/mcbot-main.zip
  /Users/run/mcbot-main.zip
  2⤵
  PID:512
- /Users/run/mcbot-main.zip
  /Users/run/mcbot-main.zip
  2⤵
  PID:512

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:518

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:518

/bin/ls
ls
1⤵
PID:520

/bin/ls
ls
1⤵
PID:520

/usr/bin/open
open .
1⤵
PID:521

/usr/bin/open
open .
1⤵
PID:521

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.satellite.9DBF2BD1-51CB-4222-88E1-C0E2E620D71C 523
1⤵
PID:525

/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
1⤵
PID:525

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.ui.helper
1⤵
PID:527

/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
1⤵
PID:527

/usr/libexec/xpcproxy
xpcproxy com.apple.archiveutility.2568
1⤵
PID:528

/System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility
"/System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility"
1⤵
PID:528

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:529

/usr/bin/macbinary
/usr/bin/macbinary probe --verbose /Users/run/mcbot-main.zip
1⤵
PID:530

/usr/bin/file
/usr/bin/file -b /Users/run/mcbot-main.zip
1⤵
PID:531

/usr/libexec/xpcproxy
xpcproxy com.apple.archiveutility.auhelperservice 528
1⤵
PID:532

/System/Library/CoreServices/Applications/Archive Utility.app/Contents/XPCServices/AUHelperService.xpc/Contents/MacOS/AUHelperService
"/System/Library/CoreServices/Applications/Archive Utility.app/Contents/XPCServices/AUHelperService.xpc/Contents/MacOS/AUHelperService"
1⤵
PID:532

/System/Library/Frameworks/FileProvider.framework/XPCServices/ArchiveService.xpc/Contents/MacOS/ArchiveService
/System/Library/Frameworks/FileProvider.framework/XPCServices/ArchiveService.xpc/Contents/MacOS/ArchiveService
1⤵
PID:534

/usr/libexec/xpcproxy
xpcproxy com.apple.appkit.xpc.sandboxedServiceRunner 528
1⤵
PID:535

/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner
/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner
1⤵
PID:535

/bin/ls
ls
1⤵
PID:542

/bin/ls
ls
1⤵
PID:542

/usr/bin/java
java -version
1⤵
PID:543

/usr/bin/java
java -version
1⤵
PID:543

/usr/libexec/java_home/bin/java
/usr/bin/java -version
1⤵
PID:543

/usr/bin/java
java
1⤵
PID:548

/usr/bin/java
java
1⤵
PID:548

/usr/libexec/java_home/bin/java
/usr/bin/java
1⤵
PID:548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/mcbot-main/methods.txt

Filesize
265B

MD5
ed92fea7145c7b9890e941631335bbcb

SHA1
b04d88798f79b2aa16aeae32a5ce7f59ed86d85d

SHA256
01c173ecf156d09686bf8e6a419d0443d5c9eba9347592808bb129ec986b487b

SHA512
aa2462a375f84ecd450b2ea1cdb95ead6fa91fba957d604e53d72700420160ab4ea9672f1a0ddd7ea69199856a38022692d2cf5a86eaee49fe47cfea60db0b38

Download Submit
/Users/run/mcbot-main/proxies.txt

Filesize
28KB

MD5
2e87bfaa387ad4949cde933915279494

SHA1
f93af0fe7b61a84bdfd4fbbdc6cc3aa48ead63ca

SHA256
1e48e104862d74b0c77630b2fc8bc6685a3660edfed3d77f71ec08ca25755ea5

SHA512
3634e003a78d38930ff7a93cb9efd91f130ab9a485ab29c215bcd33b2eb55bcacb04d68bc1e841b9784b42746597d9a8559b5a6c8d4b0a5f9985082e3a0686cb

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.fileprovider.ArchiveService/TemporaryItems/(A Document Being Saved By ArchiveService)/mcbot-main/MCBOT.jar

Filesize
4.3MB

MD5
67f180ee8e6f0338db10b6499daf624a

SHA1
a9b471f5476fdc4be9248bef5024b475bba65589

SHA256
04a5547a8bf159523c7401fc0fab2d7055d946952917b090ed3904ee865f163e

SHA512
d009db057fcc02a64ab7d5313cb6029a1a2f7d56cd89efbb1e327e5ab038dab351171e2ced50498e4bdde877037e353a1d5671f56bf62e41dd5376ba5cd79117

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.fileprovider.ArchiveService/TemporaryItems/(A Document Being Saved By ArchiveService)/mcbot-main/MCBOT.jar

Filesize
4.3MB

MD5
67f180ee8e6f0338db10b6499daf624a

SHA1
a9b471f5476fdc4be9248bef5024b475bba65589

SHA256
04a5547a8bf159523c7401fc0fab2d7055d946952917b090ed3904ee865f163e

SHA512
d009db057fcc02a64ab7d5313cb6029a1a2f7d56cd89efbb1e327e5ab038dab351171e2ced50498e4bdde877037e353a1d5671f56bf62e41dd5376ba5cd79117

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.fileprovider.ArchiveService/TemporaryItems/(A Document Being Saved By ArchiveService)/mcbot-main/README.md

Filesize
661B

MD5
64a0f0a841a7ec1e014e4ce02c699758

SHA1
bdd75b1671acea17a79544779023cbc97dd19af8

SHA256
17e46df67da70ceedd6822835c1627dc1db4a28002fc0e2028f4bb3862b18de9

SHA512
42caaee58f92344a428be43eddd48d6b3f214b28d4e8d438fd38ed1e88305abc639a2355e6cc20d9f23eb0b34e0d19f7794b8bad442703434dba6a9972f6942f

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.fileprovider.ArchiveService/TemporaryItems/(A Document Being Saved By ArchiveService)/mcbot-main/README.md

Filesize
661B

MD5
64a0f0a841a7ec1e014e4ce02c699758

SHA1
bdd75b1671acea17a79544779023cbc97dd19af8

SHA256
17e46df67da70ceedd6822835c1627dc1db4a28002fc0e2028f4bb3862b18de9

SHA512
42caaee58f92344a428be43eddd48d6b3f214b28d4e8d438fd38ed1e88305abc639a2355e6cc20d9f23eb0b34e0d19f7794b8bad442703434dba6a9972f6942f

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.fileprovider.ArchiveService/TemporaryItems/(A Document Being Saved By ArchiveService)/mcbot-main/icon/test.ico

Filesize
36KB

MD5
d8e9c5d5a245372966f5029b7d36bd06

SHA1
efbfebbaaaa4317f28acb00b87dd3c2e6e3220c2

SHA256
ea9bc14a8b1a03a33df68a777eb46a2bfaa7900d1eb4ec2bf61ed23577164429

SHA512
70dd9a643ea055750696b06530348408af032b13a5177e2994d634db6d82d9d2875e178bde6dfb0cdba2aff1d63cd43ddb94c1ddd292044559c0ccf0287c3349

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.fileprovider.ArchiveService/TemporaryItems/(A Document Being Saved By ArchiveService)/mcbot-main/icon/test.ico

Filesize
36KB

MD5
d8e9c5d5a245372966f5029b7d36bd06

SHA1
efbfebbaaaa4317f28acb00b87dd3c2e6e3220c2

SHA256
ea9bc14a8b1a03a33df68a777eb46a2bfaa7900d1eb4ec2bf61ed23577164429

SHA512
70dd9a643ea055750696b06530348408af032b13a5177e2994d634db6d82d9d2875e178bde6dfb0cdba2aff1d63cd43ddb94c1ddd292044559c0ccf0287c3349

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.fileprovider.ArchiveService/TemporaryItems/(A Document Being Saved By ArchiveService)/mcbot-main/methods.txt

Filesize
265B

MD5
ed92fea7145c7b9890e941631335bbcb

SHA1
b04d88798f79b2aa16aeae32a5ce7f59ed86d85d

SHA256
01c173ecf156d09686bf8e6a419d0443d5c9eba9347592808bb129ec986b487b

SHA512
aa2462a375f84ecd450b2ea1cdb95ead6fa91fba957d604e53d72700420160ab4ea9672f1a0ddd7ea69199856a38022692d2cf5a86eaee49fe47cfea60db0b38

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.fileprovider.ArchiveService/TemporaryItems/(A Document Being Saved By ArchiveService)/mcbot-main/methods.txt

Filesize
265B

MD5
ed92fea7145c7b9890e941631335bbcb

SHA1
b04d88798f79b2aa16aeae32a5ce7f59ed86d85d

SHA256
01c173ecf156d09686bf8e6a419d0443d5c9eba9347592808bb129ec986b487b

SHA512
aa2462a375f84ecd450b2ea1cdb95ead6fa91fba957d604e53d72700420160ab4ea9672f1a0ddd7ea69199856a38022692d2cf5a86eaee49fe47cfea60db0b38

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.fileprovider.ArchiveService/TemporaryItems/(A Document Being Saved By ArchiveService)/mcbot-main/proxies.txt

Filesize
28KB

MD5
2e87bfaa387ad4949cde933915279494

SHA1
f93af0fe7b61a84bdfd4fbbdc6cc3aa48ead63ca

SHA256
1e48e104862d74b0c77630b2fc8bc6685a3660edfed3d77f71ec08ca25755ea5

SHA512
3634e003a78d38930ff7a93cb9efd91f130ab9a485ab29c215bcd33b2eb55bcacb04d68bc1e841b9784b42746597d9a8559b5a6c8d4b0a5f9985082e3a0686cb

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.fileprovider.ArchiveService/TemporaryItems/(A Document Being Saved By ArchiveService)/mcbot-main/proxies.txt

Filesize
28KB

MD5
2e87bfaa387ad4949cde933915279494

SHA1
f93af0fe7b61a84bdfd4fbbdc6cc3aa48ead63ca

SHA256
1e48e104862d74b0c77630b2fc8bc6685a3660edfed3d77f71ec08ca25755ea5

SHA512
3634e003a78d38930ff7a93cb9efd91f130ab9a485ab29c215bcd33b2eb55bcacb04d68bc1e841b9784b42746597d9a8559b5a6c8d4b0a5f9985082e3a0686cb

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads