6c1f98c25e0e3491b8b3947f0163b9bfec8baaccf9bbaf08820a683cdb0d05a5

Analysis

max time kernel
97s
max time network
129s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
07/11/2023, 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Beefeater.zip
Size

1.2MB
MD5

26a9e8f1a5e17f5d7501e21b6f13831f
SHA1

b83689931119b4310baffb0453ec5b49c704abc9
SHA256

6c1f98c25e0e3491b8b3947f0163b9bfec8baaccf9bbaf08820a683cdb0d05a5
SHA512

f3f211a7002b793b06f32ed55dd8ea8f705b29e529b66c6a7f4871be69f4a4cbce5a6affcc2df1c275937607e3d1a8d210b21cd052ce44e9d4017bbf858bf0c4
SSDEEP

24576:GbJHXDCqc8RL11Kw1gizQ22XJoB6IuJR0v6ZHQk2BMH6o1GeaR4SdMm:O5e8RLmw1gi829UT0v6ZH5oMbm

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Beefeater.zip\""
1⤵
PID:488

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Beefeater.zip\""
1⤵
PID:488

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Beefeater.zip\""
1⤵
PID:488

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Beefeater.zip
1⤵
PID:488

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Beefeater.zip
1⤵
PID:488
- /bin/zsh
  /bin/zsh -c /Users/run/Beefeater.zip
  2⤵
  PID:510
- /bin/zsh
  /bin/zsh -c /Users/run/Beefeater.zip
  2⤵
  PID:510
- /Users/run/Beefeater.zip
  /Users/run/Beefeater.zip
  2⤵
  PID:510
- /Users/run/Beefeater.zip
  /Users/run/Beefeater.zip
  2⤵
  PID:510

/usr/sbin/spctl
/usr/sbin/spctl --status
1⤵
PID:509

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:511

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:512

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:519

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:519

/usr/bin/unzip
unzip Beefeater.zip
1⤵
PID:520

/usr/bin/unzip
unzip Beefeater.zip
1⤵
PID:520

/bin/chmod
chmod 777 Run-MachO.txt
1⤵
PID:535

/bin/chmod
chmod 777 Run-MachO.txt
1⤵
PID:535

/bin/chmod
chmod +x Run-MachO.txt
1⤵
PID:536

/bin/chmod
chmod +x Run-MachO.txt
1⤵
PID:536

./Run-MachO.txt
./Run-MachO.txt
1⤵
PID:538

./Run-MachO.txt
./Run-MachO.txt
1⤵
PID:538

/bin/sh
sh ./Run-MachO.txt
1⤵
PID:538

/bin/sh
sh ./Run-MachO.txt
1⤵
PID:538

/bin/bash
sh ./Run-MachO.txt
1⤵
PID:538

/bin/bash
sh ./Run-MachO.txt
1⤵
PID:538
- /bin/chmod
  chmod +rwx GoogleSoftwareUpdate
  2⤵
  PID:539
- /bin/chmod
  chmod +rwx GoogleSoftwareUpdate
  2⤵
  PID:539
- ./GoogleSoftwareUpdate
  ./GoogleSoftwareUpdate 8.8.8.8
  2⤵
  PID:540
- ./GoogleSoftwareUpdate
  ./GoogleSoftwareUpdate 8.8.8.8
  2⤵
  PID:540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Beefeater/.DS_Store

Filesize
6KB

MD5
194577a7e20bdcc7afbb718f502c134c

SHA1
df2fbeb1400acda0909a32c1cf6bf492f1121e07

SHA256
d65165279105ca6773180500688df4bdc69a2c7b771752f0a46ef120b7fd8ec3

SHA512
58941214a8334331e52114aab851fc3d8d5da5dd14983f933da8735c24b0ddcac134e8f13692553199c4d9a14a4b3188b62878a30b9d696edda1204666b60837

Download Submit
/Users/run/Beefeater/GoogleSoftwareUpdate

Filesize
2.7MB

MD5
2462bab0fdd54fd2a2b8483297004e30

SHA1
bb9643b443541320142e4049bf2e14810f442626

SHA256
081804b491c70bfa63ecdbe9fd4618d3570706ad8b71dba13e234069648e5e48

SHA512
4252c23090c89ab7bcf04f9f0dbe2572b86ff0eddef6155ec4da5f995fd3bb025d720f413141532eff750ae1d74d10acc078e87afbbec492c8d01ba2e202d14c

Download Submit
/Users/run/Beefeater/GoogleSoftwareUpdate

Filesize
2.7MB

MD5
2462bab0fdd54fd2a2b8483297004e30

SHA1
bb9643b443541320142e4049bf2e14810f442626

SHA256
081804b491c70bfa63ecdbe9fd4618d3570706ad8b71dba13e234069648e5e48

SHA512
4252c23090c89ab7bcf04f9f0dbe2572b86ff0eddef6155ec4da5f995fd3bb025d720f413141532eff750ae1d74d10acc078e87afbbec492c8d01ba2e202d14c

Download Submit
/Users/run/Beefeater/Run-MachO.txt

Filesize
62B

MD5
74d53859e6638af584722c6fcd877403

SHA1
bd4623a8d3e6b1bc890d46614ef093aede86bb27

SHA256
b8b806eb408e9a7687327e97d4d89d6d6e7942a1171774005a69027e5ae27c03

SHA512
c8639ed0a0cb351a065f3fd310d95df07e175f564440a24314efe138a8dc4b00ef261c9e81f9b3b37e8ef2ede31914134bd3b945e3221730707f0f770328cd2d

Download Submit
/Users/run/Beefeater/Run-MachO.txt

Filesize
62B

MD5
74d53859e6638af584722c6fcd877403

SHA1
bd4623a8d3e6b1bc890d46614ef093aede86bb27

SHA256
b8b806eb408e9a7687327e97d4d89d6d6e7942a1171774005a69027e5ae27c03

SHA512
c8639ed0a0cb351a065f3fd310d95df07e175f564440a24314efe138a8dc4b00ef261c9e81f9b3b37e8ef2ede31914134bd3b945e3221730707f0f770328cd2d

Download Submit
/Users/run/Beefeater/Run-MachO.txt

Filesize
62B

MD5
74d53859e6638af584722c6fcd877403

SHA1
bd4623a8d3e6b1bc890d46614ef093aede86bb27

SHA256
b8b806eb408e9a7687327e97d4d89d6d6e7942a1171774005a69027e5ae27c03

SHA512
c8639ed0a0cb351a065f3fd310d95df07e175f564440a24314efe138a8dc4b00ef261c9e81f9b3b37e8ef2ede31914134bd3b945e3221730707f0f770328cd2d

Download Submit
/Users/run/Beefeater/Run-MachO.txt

Filesize
62B

MD5
74d53859e6638af584722c6fcd877403

SHA1
bd4623a8d3e6b1bc890d46614ef093aede86bb27

SHA256
b8b806eb408e9a7687327e97d4d89d6d6e7942a1171774005a69027e5ae27c03

SHA512
c8639ed0a0cb351a065f3fd310d95df07e175f564440a24314efe138a8dc4b00ef261c9e81f9b3b37e8ef2ede31914134bd3b945e3221730707f0f770328cd2d

Download Submit
/Users/run/Beefeater/Run-MachO.txt

Filesize
62B

MD5
74d53859e6638af584722c6fcd877403

SHA1
bd4623a8d3e6b1bc890d46614ef093aede86bb27

SHA256
b8b806eb408e9a7687327e97d4d89d6d6e7942a1171774005a69027e5ae27c03

SHA512
c8639ed0a0cb351a065f3fd310d95df07e175f564440a24314efe138a8dc4b00ef261c9e81f9b3b37e8ef2ede31914134bd3b945e3221730707f0f770328cd2d

Download Submit
/Users/run/__MACOSX/Beefeater/._.DS_Store

Filesize
120B

MD5
b9a94cc8f4aac450fb21641eaf065c6d

SHA1
0bed7e90c2bade9763fa18f1fb4441d31f91c87c

SHA256
2f380f4a3d05a8d90c2106f50da75064e9ce57a598599dc5404f8f69a0223aa9

SHA512
f1e82573db1da08be076ab30e7d8cff350e15d06765e1bb74e313cf5f93e1df6921893a3589df51e6b18538c21a9df6d3f23fead170e9b3c02993f5b5d4a2f4d

Download Submit
/Users/run/__MACOSX/Beefeater/._GoogleSoftwareUpdate

Filesize
176B

MD5
76cce320e39b78109117a36085340f8d

SHA1
db3f468e6859b250fbdce2001d13eb21f2e65a2a

SHA256
bdc363d423d2a70b7e517330550eafab9bd757ddb97d65517a459cd2942028b0

SHA512
73ceb1e8fa8ae403a3c134d833ad8c2c275ced735940fbc5c17b5b69c5203e3eb859742711be4fa47c487427e43a30925f71a3cb4f3d1be8dad21caa312eca57

Download Submit
/Users/run/__MACOSX/Beefeater/._Run-MachO.txt

Filesize
385B

MD5
f4a021eaa20c353181f94e447db985f3

SHA1
3e2052dadfb73f5b26bea81cc7ce16dbb805d105

SHA256
f14296e0416872146f5716d4c493648513806653086c1895d8752a8386d99954

SHA512
0711b887f06bef0e8023e3f11fdf679f71cf739fcf470b7fe8db6cbc3025d815253db49027bc011579616c86778d5393ccf26527604e4b9f34847c47cbc6c31c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads