Resubmissions

13/09/2023, 22:43

230913-2m9pfsaa44 1

13/09/2023, 22:41

230913-2l99lafc9v 1

13/09/2023, 22:41

230913-2l7hpsaa35 1

13/09/2023, 22:41

230913-2l43ksfc9t 1

Analysis

  • max time kernel
    2s
  • max time network
    12s
  • platform
    macos-10.15_amd64
  • resource
    macos-20230831-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20230831-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    13/09/2023, 22:43

General

  • Target

    feed.html

  • Size

    288B

  • MD5

    9034bab8201ca968dabc204d43d19963

  • SHA1

    c813a10a8654aa3d888e8c95e509836eb6ac387a

  • SHA256

    28b777e7ed5b8c789d3396bb5c0340641558bccf2a9ea352863a1835c5ef27d1

  • SHA512

    5e4a57214f55613e4c5c2c9e5c252b9065df497f71b2213fa0033ff958b21e8ba2e54b7b4f189b6291e3d8f2f4b795df9425c0a027fae2de0532747c7dbcaa10

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --status
    1⤵
      PID:654
    • /usr/sbin/spctl
      /usr/sbin/spctl --test-devid-status
      1⤵
        PID:655
      • /usr/bin/syslog
        /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
        1⤵
          PID:656
        • /bin/sh
          sh -c "sudo /bin/zsh -c \"/Users/run/feed.html\""
          1⤵
            PID:658
          • /bin/bash
            sh -c "sudo /bin/zsh -c \"/Users/run/feed.html\""
            1⤵
              PID:658
            • /bin/bash
              sh -c "sudo /bin/zsh -c \"/Users/run/feed.html\""
              1⤵
                PID:658
              • /usr/bin/sudo
                sudo /bin/zsh -c /Users/run/feed.html
                1⤵
                  PID:658
                • /usr/bin/sudo
                  sudo /bin/zsh -c /Users/run/feed.html
                  1⤵
                    PID:658
                    • /bin/zsh
                      /bin/zsh -c /Users/run/feed.html
                      2⤵
                        PID:659
                      • /bin/zsh
                        /bin/zsh -c /Users/run/feed.html
                        2⤵
                          PID:659
                        • /Users/run/feed.html
                          /Users/run/feed.html
                          2⤵
                            PID:659
                          • /Users/run/feed.html
                            /Users/run/feed.html
                            2⤵
                              PID:659
                            • /bin/sh
                              sh /Users/run/feed.html
                              2⤵
                                PID:659
                              • /bin/sh
                                sh /Users/run/feed.html
                                2⤵
                                  PID:659
                                • /bin/bash
                                  sh /Users/run/feed.html
                                  2⤵
                                    PID:659
                                  • /bin/bash
                                    sh /Users/run/feed.html
                                    2⤵
                                      PID:659

                                  Network

                                        MITRE ATT&CK Matrix

                                        Downloads