hxxps://sf-helper[.]net/dist/2023-06-08/SF-Helper[.]exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056

Resubmissions

10/07/2023, 09:44

230710-lqyhlaaf2t 1

10/07/2023, 09:30

230710-lgwbwahf27 1

10/07/2023, 08:51

230710-kr6d6aac5x 8

10/07/2023, 08:20

230710-j8sc7ahc68 8

Analysis

max time kernel
37s
max time network
32s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
10/07/2023, 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056

Score

1^/10

Malware Config

Signatures

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:502

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:503

/bin/sh
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056\""
1⤵
PID:505

/bin/bash
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056\""
1⤵
PID:505

/bin/bash
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056\""
1⤵
PID:505

/usr/bin/sudo
sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056"
1⤵
PID:505

/usr/bin/sudo
sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056"
1⤵
PID:505
- /bin/zsh
  /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056"
  2⤵
  PID:508
- /bin/zsh
  /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056"
  2⤵
  PID:508

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:502

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:503

/bin/sh
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056\""
1⤵
PID:505

/bin/bash
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056\""
1⤵
PID:505

/bin/bash
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056\""
1⤵
PID:505

/usr/bin/sudo
sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056"
1⤵
PID:505

/usr/bin/sudo
sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056"
1⤵
PID:505
- /bin/zsh
  /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056"
  2⤵
  PID:508
- /bin/zsh
  /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056"
  2⤵
  PID:508

Windows 7 deprecation

Loading Replay Monitor...

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads