Analysis
-
max time kernel
29s -
max time network
32s -
platform
macos_amd64 -
resource
macos-20220504-en -
resource tags
-
submitted
03/07/2023, 00:02
General
-
Target
VencordInstaller.MacOS.zip
-
Size
3.5MB
-
MD5
038858a6b675273dfa5496fe6eae7d35
-
SHA1
52a1da6bc3169a54d2df7acc9b0d5c3de5534a07
-
SHA256
f1635908416ef67f7385c364820043b470c3102f7fe5fc16351486c8f6a6bd1c
-
SHA512
26b482ecea2a41d2d2eeb6c2d2fef8fe9dc4a3d0a52c58ff179150bbae02a2e050f9ec9753f3c4e83b5a218f51b0629c42370f68f66b9386517be9ec86aa3122
-
SSDEEP
98304:W6pw7EV1wKNGJb9m5WYq670sxB7+sTwIy4AoIbHRf5PCE:WBuBN605nqJsxJ+IZy4CbxfZCE
Malware Config
Signatures
Processes
-
/usr/sbin/spctl/usr/sbin/spctl --status1⤵
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/VencordInstaller.MacOS.zip\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/VencordInstaller.MacOS.zip\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/VencordInstaller.MacOS.zip\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/VencordInstaller.MacOS.zip1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/VencordInstaller.MacOS.zip1⤵
-
/bin/zsh/bin/zsh -c /Users/run/VencordInstaller.MacOS.zip2⤵
-
-
/bin/zsh/bin/zsh -c /Users/run/VencordInstaller.MacOS.zip2⤵
-
-
/Users/run/VencordInstaller.MacOS.zip/Users/run/VencordInstaller.MacOS.zip2⤵
-
-
/Users/run/VencordInstaller.MacOS.zip/Users/run/VencordInstaller.MacOS.zip2⤵
-
-
/usr/sbin/spctl/usr/sbin/spctl --test-devid-status1⤵
-
/usr/bin/syslog/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.SafariServices 3211⤵
-
/Library/Apple/System/Library/Frameworks/SafariServices.framework/Versions/A/XPCServices/com.apple.SafariServices.xpc/Contents/MacOS/com.apple.SafariServices/Library/Apple/System/Library/Frameworks/SafariServices.framework/Versions/A/XPCServices/com.apple.SafariServices.xpc/Contents/MacOS/com.apple.SafariServices1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.WebKit.WebContent.DA719D43-3483-4830-87DA-071C58865F51 3211⤵
-
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.SafeBrowsing.Service1⤵
-
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportMemoryException1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.metadata.mdwrite1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.archiveutility.25681⤵
-
/System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility"/System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility"1⤵
-
/usr/libexec/ReportMemoryException/usr/libexec/ReportMemoryException1⤵
-
/usr/bin/macbinary/usr/bin/macbinary probe --verbose /Users/run/VencordInstaller.MacOS.zip1⤵
-
/usr/bin/file/usr/bin/file -b /Users/run/VencordInstaller.MacOS.zip1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.archiveutility.auhelperservice 5291⤵
-
/System/Library/CoreServices/Applications/Archive Utility.app/Contents/XPCServices/AUHelperService.xpc/Contents/MacOS/AUHelperService"/System/Library/CoreServices/Applications/Archive Utility.app/Contents/XPCServices/AUHelperService.xpc/Contents/MacOS/AUHelperService"1⤵
-
/System/Library/Frameworks/FileProvider.framework/XPCServices/ArchiveService.xpc/Contents/MacOS/ArchiveService/System/Library/Frameworks/FileProvider.framework/XPCServices/ArchiveService.xpc/Contents/MacOS/ArchiveService1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.appkit.xpc.sandboxedServiceRunner 5291⤵
-
/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner1⤵
-
/usr/bin/bzip2/usr/bin/bzip2 -f /var/log/wifi.log.01⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.quicklook.satellite.26B2155A-5499-4235-8354-B27D48C87B0F 5401⤵
-
/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.DictionaryServiceHelper1⤵
-
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.xpc/Contents/MacOS/com.apple.DictionaryServiceHelper/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.xpc/Contents/MacOS/com.apple.DictionaryServiceHelper1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.WebKit.WebContent.8580834D-02CA-418F-AF93-D81BD1DE92CE 3211⤵
-
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
274KB
MD52135541768d086f40b1d02e23c155527
SHA1dd69afe7a76dfe3c43cfcb65eb924cbed1c19612
SHA25658536741b8f210853e340cc2325c6848073b6bb5ef9d4b25fa8649feb8da68ed
SHA512d61540fb69f1304e8feeb769fa8e4bf02eee27ba710fc774bb886fcb96bcb922546abc58194fcf234e1be2f47aa5c9b0cd38fdd1ac52dc8469bf28198513bb30
-
Filesize
274KB
MD52135541768d086f40b1d02e23c155527
SHA1dd69afe7a76dfe3c43cfcb65eb924cbed1c19612
SHA25658536741b8f210853e340cc2325c6848073b6bb5ef9d4b25fa8649feb8da68ed
SHA512d61540fb69f1304e8feeb769fa8e4bf02eee27ba710fc774bb886fcb96bcb922546abc58194fcf234e1be2f47aa5c9b0cd38fdd1ac52dc8469bf28198513bb30
-
Filesize
27.8MB
MD5e664905b64da9edd26940b86a02ec193
SHA1fdf8a7f135169eb5f3a7807cf559c5b00c2ff915
SHA25677fad416c3c569afd44faf729efd8b3130c6cfe43889206ad9f2e39a5a6069b4
SHA512be2ec1f18fe10da57309c405848e413bdf6cc0b05f62c5d21488abbc96a2901ef0a3610528fb9c84c7150d358bdc717d867b33bad50ac1a2fd153f0102f9c442
-
Filesize
27.8MB
MD5e664905b64da9edd26940b86a02ec193
SHA1fdf8a7f135169eb5f3a7807cf559c5b00c2ff915
SHA25677fad416c3c569afd44faf729efd8b3130c6cfe43889206ad9f2e39a5a6069b4
SHA512be2ec1f18fe10da57309c405848e413bdf6cc0b05f62c5d21488abbc96a2901ef0a3610528fb9c84c7150d358bdc717d867b33bad50ac1a2fd153f0102f9c442
-
Filesize
130KB
MD5d7a70ea3126d8acf6da4a58158c120c2
SHA1d5d6a7e54c3db235c3b344bc0cc0cf96bd08f74f
SHA2567c05efff808e722882e29956eb8e50ed8f577bb60672719cc868df1abd1a433a
SHA512dff3647f8c51c1b9f6b7dc77ab86635d388c28c6ded4e8df8aa369221ff3084de41898ec567303a2d00ec1860eef1d7522a12f63fd71b3aa3d82eb819f01ef8d
-
Filesize
130KB
MD5d7a70ea3126d8acf6da4a58158c120c2
SHA1d5d6a7e54c3db235c3b344bc0cc0cf96bd08f74f
SHA2567c05efff808e722882e29956eb8e50ed8f577bb60672719cc868df1abd1a433a
SHA512dff3647f8c51c1b9f6b7dc77ab86635d388c28c6ded4e8df8aa369221ff3084de41898ec567303a2d00ec1860eef1d7522a12f63fd71b3aa3d82eb819f01ef8d
-
Filesize
552B
MD588270d7617dee100e854990c309d9d9b
SHA14651cb4117cb1079a9b8cfe1d7f633858bdad2b6
SHA25682a5338c62ba4120d17bdbf821a36de6a743f2695eeb6f5d51a05219edc75a57
SHA512344cd61b2bb7abac1fe2d598074c30359ea1bc11f4a5f56c4b3a4af5152c43a594e4fb69fb50606d0ae54fbdfdea9803ba5d36accf39d562d0070dbeb4fa508b
-
Filesize
10.1MB
MD524424f0e1568e8d9a50d8a00af1e23ec
SHA18381560447c0ae69ffefddc791f7bb4d388b6d11
SHA2563fb0421fd3aa68157dee05d98041f8ccd698bcf18176acaa1505a89d0537518a
SHA512459eb3ced45697adcdde46e7e8fa1212d7bfbf97961ecb93f115836238daf156cb79029d2791f0b2b3bf55c90f3d036c50b172b16854c951b94e90c8dd95b462
-
Filesize
28KB
MD564afb7f870b8069d611c6db2f5ef47bc
SHA11805836ffc62cb99b6e620ab33a12a4e1ec81fc6
SHA2565c471baef46aa27d9fa6626f387761dfbc562dbe2391bc6a1386c98654fa6e94
SHA51217bc72aff0021a7f33ffba23ab8730bf49aa3fd5a74fdc4ff58fe98da764711e9d97b3a0730b91471a508dcb1ac2541ef75aee82025262df55bc24bfadafe27a
-
Filesize
637B
MD5fc80cfc4665dd5db0fc5582245d95899
SHA10490909ee3bba782533642a37ec4895b316f8b84
SHA256061b60d547cbe2ac0eb713de90467a5ff4e073ecd5d65f413bdcddf4ce4d36e9
SHA512e6fda17ba325fb53e34cf4cb58c6661156a3352b25e2913633647c35c7d69319ac9a8edb88c2a78f79b17d6ce511f7c17cc225c9fd09a923716efe41f5cdc57c
-
Filesize
637B
MD5fc80cfc4665dd5db0fc5582245d95899
SHA10490909ee3bba782533642a37ec4895b316f8b84
SHA256061b60d547cbe2ac0eb713de90467a5ff4e073ecd5d65f413bdcddf4ce4d36e9
SHA512e6fda17ba325fb53e34cf4cb58c6661156a3352b25e2913633647c35c7d69319ac9a8edb88c2a78f79b17d6ce511f7c17cc225c9fd09a923716efe41f5cdc57c