f18bb69c42a3ba855b0815ad141348b086469f48e351c334b6d0a5959f6d46e9 | Triage

Submit
Reports

Overview

overview

1

Static

static

1

Dropzone 4...R].dmg

macos-10.15-amd64

Dropzone 4...T].dmg

macos-10.15-amd64

1

Dropzone 4...ion.py

macos-10.15-amd64

Dropzone 4...ve.ps1

macos-10.15-amd64

Dropzone 4...ur.ps1

macos-10.15-amd64

Dropzone 4...hua.py

macos-10.15-amd64

1

Dropzone 4...one.py

macos-10.15-amd64

1

Dropzone 4...one.rb

macos-10.15-amd64

1

Dropzone 4....dylib

macos-10.15-amd64

1

Dropzone 4...cOS/fc

macos-10.15-amd64

1

Dropzone 4...opy.rb

macos-10.15-amd64

1

Dropzone 4...api.rb

macos-10.15-amd64

1

Dropzone 4...ner.py

macos-10.15-amd64

1

Dropzone 4...ner.rb

macos-10.15-amd64

1

Dropzone 4...ash.rb

macos-10.15-amd64

1

Dropzone 4...ser.rb

macos-10.15-amd64

1

Dropzone 4...les.rb

macos-10.15-amd64

1

Dropzone 4...tLogin

macos-10.15-amd64

1

Dropzone 4...zone 4

macos-10.15-amd64

1

Dropzone 4...opzone

macos-10.15-amd64

1

Dropzone 4...ts.rtf

macos-10.15-amd64

1

Dropzone 4...ing.js

macos-10.15-amd64

Dropzone 4...min.js

macos-10.15-amd64

Dropzone 4...min.js

macos-10.15-amd64

Dropzone 4...h.html

macos-10.15-amd64

1

Dropzone 4....dylib

macos-10.15-amd64

1

Dropzone 4.../rhash

macos-10.15-amd64

1

Dropzone 4...iendly

macos-10.15-amd64

1

Analysis

max time kernel
105s
max time network
139s
platform
macos-10.15_amd64
resource
macos-20231201-en
resource tags

arch:amd64arch:i386image:macos-20231201-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
10-12-2023 17:31

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

Dropzone 4 Pro 4.80.4 macOS [FileCR].dmg

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

Dropzone 4 4.80.4/Manual install/Dropzone 4 4.80.4 [TNT].dmg

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/Custom Action Python Template.dzbundle/action.py

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/Google Drive.dzbundle/gdrive.ps1

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/Imgur.dzbundle/imgur.ps1

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/lib/Pashua.py

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/lib/dropzone.py

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/lib/dropzone.rb

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/lib/fc.app/Contents/Frameworks/libswift_Concurrency.dylib

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/lib/fc.app/Contents/MacOS/fc

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/lib/filecopy.rb

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/lib/pastie_api.rb

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/lib/python_runner.py

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/lib/runner.rb

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/lib/stash.rb

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/lib/task_file_parser.rb

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Actions/lib/zip_files.rb

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Library/LoginItems/LaunchAtLogin.app/Contents/MacOS/LaunchAtLogin

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/MacOS/Dropzone 4

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/PlugIns/Dropzone.appex/Contents/MacOS/Dropzone

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Credits.rtf

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Splash/js/jquery.easing.js

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Splash/js/jquery.flexslider-min.js

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Splash/js/jquery.min.js

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Splash/splash.html

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/libConfigurer64.dylib

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

Dropzone 4 4.80.4/Extra/rhash

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

Dropzone 4 4.80.4/Open Gatekeeper friendly

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Credits.rtf
Size

1KB
MD5

253dae23d32a0d40e0e43f75b9eecfe8
SHA1

1874105049a86a2349c9c821818f59c4ba45cbce
SHA256

e4154bcb2a6d228bd9732fc06239d7f9f1db084faf8b498c79c6444161f24214
SHA512

26d1b1795bd136b14ca760dcf9d8d6729fc5840c108cc19e4b5b325047a734e0df73dcb899e9276c9878718a61b91274dafe368d9b620e81c09b15646df3e8ad

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Credits.rtf\""
1⤵
PID:532

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Credits.rtf\""
1⤵
PID:532

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Credits.rtf\""
1⤵
PID:532

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Credits.rtf"
1⤵
PID:532

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Credits.rtf"
1⤵
PID:532

/bin/zsh
/bin/zsh -c "/Users/run/Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Credits.rtf"
2⤵
PID:540

/bin/zsh
/bin/zsh -c "/Users/run/Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Credits.rtf"
2⤵
PID:540

/Users/run/Dropzone
/Users/run/Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Credits.rtf
2⤵
PID:540

/Users/run/Dropzone
/Users/run/Dropzone 4 4.80.4/Dropzone 4.app/Contents/Resources/Credits.rtf
2⤵
PID:540

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.systemsoundserverd
1⤵
PID:544

/usr/sbin/systemsoundserverd
/usr/sbin/systemsoundserverd
1⤵
PID:544

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:545

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:545

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:547

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:547

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
1⤵
PID:564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Caches/.dat.nosync0221.K45C28

Filesize
12KB

MD5
b9b150dc6ea38e62c2f54bec2922d0fc

SHA1
7c5ae87f8956ce90ab2f5d28fa320bd8c5df5e4e

SHA256
4f40ef0f64062bb9b1374a616cacb69b75e792027b12b03b57b1738aa045889c

SHA512
1ffe69c7d23ad771fdc04813fcb69871b4b913548986a8ffd1ccb432c1fe9c978016adbb35cbcb1bf4042442afc373ec07bd45fbd06dd5bf9a2ef9da8f12e078

Download Submit

© 2018-2024

Terms | Privacy