Analysis
-
max time kernel
17s -
max time network
22s -
platform
macos_amd64 -
resource
macos-20220504-en -
resource tags
-
submitted
27/08/2023, 19:29
General
-
Target
License.command
-
Size
462B
-
MD5
6f22391b847748142643f916b949540f
-
SHA1
c84b1e6efe7900b3c07009f4e719970e01eb19e3
-
SHA256
838a59b8c49cc5843758f0b45073ac4082b2e5a923da1db1f3e6cee3895685f2
-
SHA512
07a31c48ed2f6767fbc177bb0be399ea36820775d18b31b320b9c880ca5ff0744d69919fd4d701ac055503b5323a63aad19d48d7e43f11b922da2bc0c7fb4fff
Malware Config
Signatures
Processes
-
/usr/sbin/spctl/usr/sbin/spctl --status1⤵
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/License.command\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/License.command\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/License.command\""1⤵
-
/usr/sbin/spctl/usr/sbin/spctl --test-devid-status1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/License.command1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/License.command1⤵
-
/bin/zsh/bin/zsh -c /Users/run/License.command2⤵
-
-
/bin/zsh/bin/zsh -c /Users/run/License.command2⤵
-
-
/Users/run/License.command/Users/run/License.command2⤵
-
-
/Users/run/License.command/Users/run/License.command2⤵
-
-
/bin/shsh /Users/run/License.command2⤵
-
-
/bin/shsh /Users/run/License.command2⤵
-
-
/bin/bashsh /Users/run/License.command2⤵
-
-
/bin/bashsh /Users/run/License.command2⤵
-
/usr/bin/killallkillall AlDente3⤵
-
-
/usr/bin/killallkillall AlDente3⤵
-
-
/bin/mkdirmkdir "/Users/run/Library/Application Support/AlDente"3⤵
-
-
/bin/mkdirmkdir "/Users/run/Library/Application Support/AlDente"3⤵
-
-
/usr/bin/dirnamedirname /Users/run/License.command3⤵
-
-
/usr/bin/dirnamedirname /Users/run/License.command3⤵
-
-
/bin/cpcp -R AlDente "/Users/run/Library/Application Support/"3⤵
-
-
/bin/cpcp -R AlDente "/Users/run/Library/Application Support/"3⤵
-
-
/usr/bin/osascriptosascript3⤵
-
-
/usr/bin/osascriptosascript3⤵
-
-
-
/usr/bin/syslog/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.systemevents.13321⤵
-
/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events"/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.FolderActionsDispatcher1⤵
-
/System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher/System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher launchd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportMemoryException1⤵
-
/usr/libexec/ReportMemoryException/usr/libexec/ReportMemoryException1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
279B
MD59070d5584a5ba4443b89b488ed65e279
SHA1692e3f23ffa2053a5faf67d88ba21fd8b479521b
SHA2564203a1e1d1a7217356ded6dfa7fa35e79b813eab0692ad29170f53432ec1162b
SHA51260e6e834f353eb8184aefadcee7101b9ea17f015fd2be502c7e135d34fcc79f03a4155d96f886fee0fd627e3fccf158f507ac5d7a84f18c9391d67640e8793f1
-
Filesize
279B
MD59070d5584a5ba4443b89b488ed65e279
SHA1692e3f23ffa2053a5faf67d88ba21fd8b479521b
SHA2564203a1e1d1a7217356ded6dfa7fa35e79b813eab0692ad29170f53432ec1162b
SHA51260e6e834f353eb8184aefadcee7101b9ea17f015fd2be502c7e135d34fcc79f03a4155d96f886fee0fd627e3fccf158f507ac5d7a84f18c9391d67640e8793f1