9a09c5366307f6d103e0aa14974b5709f045aec29cbd1efd165e80f72b74db77

General

Target

Bartender 5.0.31 [EDiSO].dmg
Size

8.4MB
MD5

f5d1feec393a4d1962ac22f88ee78908
SHA1

00b1628aa644151272ae3de3280f3f9009d37665
SHA256

9a09c5366307f6d103e0aa14974b5709f045aec29cbd1efd165e80f72b74db77
SHA512

cf4c40db7d4f5cc355531142a15bea2805bf39e9a87e96b303378ee101bb5dbf0b64eeb5b9200cd7b8c79845fc0323719eeca83ca89e4b1dd73a0e9752585850
SSDEEP

196608:blGkRGp44/090I0Odm8iUaNvDWwqFD+Qnfllw2VRjC:J444s9OOOUaRWwqFD1flSQ

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"open /Volumes/Bartender\\ 5.0.31\\ [EDiSO]/Bartender\\ 5.app\""
1⤵
PID:531

/bin/bash
sh -c "sudo /bin/zsh -c \"open /Volumes/Bartender\\ 5.0.31\\ [EDiSO]/Bartender\\ 5.app\""
1⤵
PID:531

/bin/bash
sh -c "sudo /bin/zsh -c \"open /Volumes/Bartender\\ 5.0.31\\ [EDiSO]/Bartender\\ 5.app\""
1⤵
PID:531

/usr/bin/sudo
sudo /bin/zsh -c "open /Volumes/Bartender\\ 5.0.31\\ [EDiSO]/Bartender\\ 5.app"
1⤵
PID:531

/usr/bin/sudo
sudo /bin/zsh -c "open /Volumes/Bartender\\ 5.0.31\\ [EDiSO]/Bartender\\ 5.app"
1⤵
PID:531
- /bin/zsh
  /bin/zsh -c "open /Volumes/Bartender\\ 5.0.31\\ [EDiSO]/Bartender\\ 5.app"
  2⤵
  PID:532
- /bin/zsh
  /bin/zsh -c "open /Volumes/Bartender\\ 5.0.31\\ [EDiSO]/Bartender\\ 5.app"
  2⤵
  PID:532

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:545

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:545

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:547

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:547

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:548

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:548

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:549

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:549

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportCrash.Root
1⤵
PID:550

/System/Library/CoreServices/ReportCrash
/System/Library/CoreServices/ReportCrash daemon
1⤵
PID:550

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:551

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:551

/usr/libexec/xpcproxy
xpcproxy com.apple.DesktopServicesHelper.27AB82B0-1F84-4D75-BA00-0D1779B260ED
1⤵
PID:554

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
1⤵
PID:554

/usr/libexec/xpcproxy
xpcproxy com.apple.replayd
1⤵
PID:563

/usr/libexec/xpcproxy
xpcproxy com.apple.system_installd
1⤵
PID:567

/usr/libexec/xpcproxy
xpcproxy com.apple.storedownloadd
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.installd
1⤵
PID:570

/usr/libexec/replayd
/usr/libexec/replayd
1⤵
PID:563

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1⤵
PID:569

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
1⤵
PID:567

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 561
1⤵
PID:572

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:572

/bin/sh
sh -c /usr/sbin/kextstat
1⤵
PID:575

/bin/bash
sh -c /usr/sbin/kextstat
1⤵
PID:575

/bin/bash
sh -c /usr/sbin/kextstat
1⤵
PID:575

/usr/sbin/kextstat
/usr/sbin/kextstat
1⤵
PID:575

/usr/sbin/kextstat
/usr/sbin/kextstat
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.dock.ecti.8434478D-6AAF-4B29-8BE5-867205052404 282
1⤵
PID:578

/System/Library/CoreServices/Dock.app/Contents/XPCServices/com.apple.dock.ecti.xpc/Contents/MacOS/com.apple.dock.ecti
/System/Library/CoreServices/Dock.app/Contents/XPCServices/com.apple.dock.ecti.xpc/Contents/MacOS/com.apple.dock.ecti
1⤵
PID:578

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.satellite.9EDF4214-C70B-4CCA-AC26-512FC20FADC4 566
1⤵
PID:579

/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
1⤵
PID:579

/usr/libexec/xpcproxy
xpcproxy com.apple.DesktopServicesHelper.45C51732-880A-4093-9B5B-7B383181F6FD
1⤵
PID:589

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
1⤵
PID:589

/usr/libexec/xpcproxy
xpcproxy com.apple.sysextd
1⤵
PID:590

/System/Library/Frameworks/SystemExtensions.framework/Versions/A/Helpers/sysextd
/System/Library/Frameworks/SystemExtensions.framework/Versions/A/Helpers/sysextd
1⤵
PID:590

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:591

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:591

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:592

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:592

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook
1⤵
PID:593

/System/Library/Frameworks/QuickLook.framework/Resources/quicklookd.app/Contents/MacOS/quicklookd
/System/Library/Frameworks/QuickLook.framework/Resources/quicklookd.app/Contents/MacOS/quicklookd
1⤵
PID:593

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.satellite.E8AB34E8-0920-4651-A352-842CF006E1E9 593
1⤵
PID:594

/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
1⤵
PID:594

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Logs/DiagnosticReports/Finder_2023-10-05-154057_tests-iMac.spin

Filesize
1.7MB

MD5
d5d3c770123d0d4429798e885a5888ca

SHA1
3bc2f85391581f7c58311f4f66d64151aeab7cee

SHA256
80da9c9284401f66a4027a05beeb8b2d3d0a0c646e75fa8d1ad20da9bcfa8aec

SHA512
0ddbee5c48a84c5150f585a9c25007e3e67f5d67f9bdb943a0c8db04e64daafc5c7078e7d83ca6cfc062adf58e407ef024ad8b0c243a857e49eaf48c43c29a65

Download Submit
/private/var/db/spindump/.dat.nosync0223.QY4wOl

Filesize
83KB

MD5
9af4ba6d449acfae3b599cbf24c0354a

SHA1
a4f048efdb0195c98174fcf0e7573d274329d8d1

SHA256
334af8ff52f61757a5389d23cef1ce9d72d2ccd2fa234b083a9b2f730e317cd4

SHA512
8a2d325287a54fbc119946298da8f160c97b3791400bc2f84422de7be873a70d0d16d582ded74b0f77193a5bafd2d0bbaa58366db7b278a72b9d888c73ff9c12

Download Submit
/private/var/db/spindump/tailspin-trace.2023-10-05_15-40-06.tailspin

Filesize
16.9MB

MD5
5c31ccf1ba1a3f388efcc706c6524b85

SHA1
b4eb6e53f8195a2697d8814ed07979749b63491f

SHA256
0f5e43106c45fe0d20baede13a27cc839be3223a9c4340f0719464858e0848c7

SHA512
b9363358e4c97f0bf84c3bb03f89824c11a76e111b05d2f12e39372fc9251233291907f7cca85c6e6009e592ae760d977c03ed976c96d75ad8f31a85c53636a9

Download Submit
/private/var/db/spindump/tailspin-trace.2023-10-05_15-40-06.tailspin

Filesize
16.9MB

MD5
5c31ccf1ba1a3f388efcc706c6524b85

SHA1
b4eb6e53f8195a2697d8814ed07979749b63491f

SHA256
0f5e43106c45fe0d20baede13a27cc839be3223a9c4340f0719464858e0848c7

SHA512
b9363358e4c97f0bf84c3bb03f89824c11a76e111b05d2f12e39372fc9251233291907f7cca85c6e6009e592ae760d977c03ed976c96d75ad8f31a85c53636a9

Download Submit
/private/var/db/spindump/tailspin-trace.2023-10-05_15-40-06.tailspin

Filesize
16.9MB

MD5
5c31ccf1ba1a3f388efcc706c6524b85

SHA1
b4eb6e53f8195a2697d8814ed07979749b63491f

SHA256
0f5e43106c45fe0d20baede13a27cc839be3223a9c4340f0719464858e0848c7

SHA512
b9363358e4c97f0bf84c3bb03f89824c11a76e111b05d2f12e39372fc9251233291907f7cca85c6e6009e592ae760d977c03ed976c96d75ad8f31a85c53636a9

Download Submit
/private/var/db/spindump/tailspin-trace.2023-10-05_15-40-06.tailspin

Filesize
16.9MB

MD5
5c31ccf1ba1a3f388efcc706c6524b85

SHA1
b4eb6e53f8195a2697d8814ed07979749b63491f

SHA256
0f5e43106c45fe0d20baede13a27cc839be3223a9c4340f0719464858e0848c7

SHA512
b9363358e4c97f0bf84c3bb03f89824c11a76e111b05d2f12e39372fc9251233291907f7cca85c6e6009e592ae760d977c03ed976c96d75ad8f31a85c53636a9

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/spindump.txt

Filesize
560KB

MD5
f502b88cc61a7fb9b3411c5d05dad02e

SHA1
d1344e31b2e7ea726c2b7e479228ad0323038786

SHA256
2c21aab3d70b4a5820a42ae0c5f9c166906382d08369342654970de69ac6ee92

SHA512
81ee56ff7eba4dcd2a26b38115a86d5d243bc720c4e5ecf524719d98b335f1835cc1aac84d42583b4545535691ab0cceccf8a99bd3af037f5c2dd6527e1147d7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads