b88e6154aeb1c8505580917f36abef82ab4033e871559ed3634d90f9a144131f | Triage

Submit
Reports

Overview

overview

6

Static

static

6

Payload/ES...ts.pdf

windows7-x64

1

Payload/ES...ts.pdf

windows10-2004-x64

1

Payload/ES.../ESign

macos-10.15-amd64

1

Payload/ES...x.html

windows7-x64

1

Payload/ES...x.html

windows10-2004-x64

1

Payload/ES...min.js

windows7-x64

1

Payload/ES...min.js

windows10-2004-x64

1

Payload/ES...min.js

windows7-x64

1

Payload/ES...min.js

windows10-2004-x64

1

Payload/ES...dex.js

windows7-x64

1

Payload/ES...dex.js

windows10-2004-x64

1

Payload/ES...oad.js

windows7-x64

1

Payload/ES...oad.js

windows10-2004-x64

1

Payload/ES...ort.js

windows7-x64

1

Payload/ES...ort.js

windows10-2004-x64

1

Payload/ES...ble.js

windows7-x64

1

Payload/ES...ble.js

windows10-2004-x64

1

Payload/ES...min.js

windows7-x64

1

Payload/ES...min.js

windows10-2004-x64

1

Payload/ES...get.js

windows7-x64

1

Payload/ES...get.js

windows10-2004-x64

1

Payload/ES...min.js

windows7-x64

1

Payload/ES...min.js

windows10-2004-x64

1

Payload/ES...min.js

windows7-x64

1

Payload/ES...min.js

windows10-2004-x64

1

Payload/ES...ts.pdf

windows7-x64

1

Payload/ES...ts.pdf

windows10-2004-x64

1

Analysis

max time kernel
143s
max time network
137s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
17-11-2023 02:13

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Payload/ESign.app/Assets.pdf

Resource

win7-20231023-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payload/ESign.app/Assets.pdf

Resource

win10v2004-20231023-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

Payload/ESign.app/ESign

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/index.html

Resource

win7-20231020-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral5

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/index.html

Resource

win10v2004-20231020-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral6

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/bootstrap.min.js

Resource

win7-20231023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/bootstrap.min.js

Resource

win10v2004-20231023-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/html5shiv.min.js

Resource

win7-20231020-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/html5shiv.min.js

Resource

win10v2004-20231023-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/index.js

Resource

win7-20231023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/index.js

Resource

win10v2004-20231020-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/jquery.fileupload.js

Resource

win7-20231023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/jquery.fileupload.js

Resource

win10v2004-20231023-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/jquery.iframe-transport.js

Resource

win7-20231020-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/jquery.iframe-transport.js

Resource

win10v2004-20231020-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/jquery.jeditable.js

Resource

win7-20231023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/jquery.jeditable.js

Resource

win10v2004-20231020-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/jquery.min.js

Resource

win7-20231025-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/jquery.min.js

Resource

win10v2004-20231023-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/jquery.ui.widget.js

Resource

win7-20231023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/jquery.ui.widget.js

Resource

win10v2004-20231023-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/respond.min.js

Resource

win7-20231023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/respond.min.js

Resource

win10v2004-20231023-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/tmpl.min.js

Resource

win7-20231020-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

Payload/ESign.app/GCDWebUploader.bundle/Contents/Resources/js/tmpl.min.js

Resource

win10v2004-20231020-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Payload/ESign.app/QMUIResources.bundle/Assets.pdf

Resource

win7-20231025-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

Payload/ESign.app/QMUIResources.bundle/Assets.pdf

Resource

win10v2004-20231020-en

windows10-2004-x64

5 signatures

150 seconds

Report Analysis Logs

General

Target

Payload/ESign.app/ESign
Size

14.1MB
MD5

ceef5794faaf0297f451b80293ab2e81
SHA1

883909263493fcc34b2c43359165d91037838919
SHA256

a101e2aea1a97765f04640176cca504b7023fe8ebb4774576e81d9f400de59b9
SHA512

3eb1c5a7fa1452a77872fb042b078f307017d8cae1f19747f71ea130a7a5fa7439132141bbf669295b2e2944aeab4d73f2d5b3f2874c4452a570ca5c13ce4907
SSDEEP

393216:cwQ1Dj28ttf9qYoK9d64kVbPyKQLTR7G2bQGPE0m3VbjCflssY3by1sb305Yb3Yx:cqKkLibQGPE0m3VbjCflssY3by1sb30T

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Payload/ESign.app/ESign\""
1⤵
PID:509

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Payload/ESign.app/ESign\""
1⤵
PID:509

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Payload/ESign.app/ESign\""
1⤵
PID:509

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Payload/ESign.app/ESign
1⤵
PID:509

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Payload/ESign.app/ESign
1⤵
PID:509

/bin/zsh
/bin/zsh -c /Users/run/Payload/ESign.app/ESign
2⤵
PID:514

/bin/zsh
/bin/zsh -c /Users/run/Payload/ESign.app/ESign
2⤵
PID:514

/Users/run/Payload/ESign.app/ESign
/Users/run/Payload/ESign.app/ESign
2⤵
PID:514

/Users/run/Payload/ESign.app/ESign
/Users/run/Payload/ESign.app/ESign
2⤵
PID:514

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:518

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:518

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2024

Terms | Privacy