d8505fb512a55771c7c09f615ee39eb582ea349d0c5b96960f720f5633db064d

Resubmissions

11-12-2023 14:36

231211-rywa4ahdfm 8

11-12-2023 14:33

231211-rw2p4ahdbm 1

Analysis

max time kernel
125s
max time network
137s
platform
macos-10.15_amd64
resource
macos-20231201-en
resource tags

arch:amd64arch:i386image:macos-20231201-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
11-12-2023 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fakestats.txt
Size

559B
MD5

613512c9a5bc192cf465c4617d8097ba
SHA1

6f7a693dff94468c76e56d6ba46f294bf08a7c7b
SHA256

d8505fb512a55771c7c09f615ee39eb582ea349d0c5b96960f720f5633db064d
SHA512

b5fdfc9bc99fb601b29ff1ac6226de531d3e47186b52f899e259b7d44e0359ed41bf19e696ba04dc34e5597c853391330b1301ac2d4e834912dc27eb5feb19d3

Score

1^/10

Malware Config

Signatures

/usr/libexec/xpcproxy
xpcproxy com.apple.logkextloadsd
1⤵
PID:503

/usr/libexec/xpcproxy
xpcproxy com.apple.pluginkit.pkreporter
1⤵
PID:504

/usr/libexec/pkreporter
/usr/libexec/pkreporter
1⤵
PID:504

/usr/libexec/xpcproxy
xpcproxy com.apple.var-db-dslocal-backup
1⤵
PID:505

/usr/bin/xar
/usr/bin/xar -c -f dslocal-backup.xar dslocal
1⤵
PID:505

/usr/libexec/xpcproxy
xpcproxy com.apple.gkreport
1⤵
PID:506

/usr/libexec/gkreport
/usr/libexec/gkreport
1⤵
PID:506
- /usr/sbin/spctl
  /usr/sbin/spctl --status
  2⤵
  PID:508
- /usr/sbin/spctl
  /usr/sbin/spctl --test-devid-status
  2⤵
  PID:509
- /usr/bin/syslog
  /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
  2⤵
  PID:512

/usr/libexec/xpcproxy
xpcproxy com.apple.systemstats.daily
1⤵
PID:507

/usr/libexec/xpcproxy
xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer
1⤵
PID:510

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
1⤵
PID:510

/usr/libexec/xpcproxy
xpcproxy com.oracle.java.Java-Updater
1⤵
PID:511

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
1⤵
PID:511

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/fakestats.txt\""
1⤵
PID:513

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/fakestats.txt\""
1⤵
PID:513

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/fakestats.txt\""
1⤵
PID:513

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/fakestats.txt
1⤵
PID:513

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/fakestats.txt
1⤵
PID:513
- /bin/zsh
  /bin/zsh -c /Users/run/fakestats.txt
  2⤵
  PID:514
- /bin/zsh
  /bin/zsh -c /Users/run/fakestats.txt
  2⤵
  PID:514
- /Users/run/fakestats.txt
  /Users/run/fakestats.txt
  2⤵
  PID:514
- /Users/run/fakestats.txt
  /Users/run/fakestats.txt
  2⤵
  PID:514
- /bin/sh
  sh /Users/run/fakestats.txt
  2⤵
  PID:514
- /bin/sh
  sh /Users/run/fakestats.txt
  2⤵
  PID:514
- /bin/bash
  sh /Users/run/fakestats.txt
  2⤵
  PID:514
- /bin/bash
  sh /Users/run/fakestats.txt
  2⤵
  PID:514

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:554

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:554

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/private/var/db/dslocal-backup.xar

Filesize
139KB

MD5
6f38d63c9d4a02ab159f4d741e4171b3

SHA1
048457b46afd8418aff563c3a3b3ed1bfa1547c3

SHA256
1a48ea7fc6c26c40584ea8dd5394605dcc6da8bed0a5292bac377adeec490e23

SHA512
89c029bca508acc566dad278ccb859b4b364548e9c4f80e8d0852fcbde3eafe0710bab54571c67f54deac8a5dcf9b825ce293bcf2b1c6c5996969bd84f1dbcec

Download Submit
/private/var/db/loadedkextmt.plist

Filesize
6KB

MD5
8fc8de6429b039890b727cbdf78e8ac2

SHA1
b8bd4aeae63ae96f189492eebce728c44caf1a0d

SHA256
82c3a86a55c1133a2fcbdb60fa8615c949e9f5b6dd6ae707c4750e60e7cc4e9d

SHA512
f6cf84435d1c82b996aa8a51a7dab32b10bcbee4cd5eb27f8cc4fd866684c6f2a10309c3539383f5d980f7affd9641378d03a5e0d8d6aa97a9f79c3aa934121a

Download Submit
/private/var/db/systemstats/.dat.nosync01fb.EedVZi

Filesize
186B

MD5
b5ad85837e4708492ecb663333e147e2

SHA1
e1b64403ef957180015932e2470fb6f9ca87a5b7

SHA256
62108e6543d183060b8414e585575e9d680276338d1d67a66c948f5258b5b517

SHA512
74f936e6805503d6f7cc8c69ed787820463d4128a8c27249fc6ea48af8ab91a9acae3cbcae0dfa90cf83ecbe74500f0132c061fa6f969b0fb52840c40d003cdc

Download Submit
/private/var/db/systemstats/.dat.nosync01fb.lEt7ds

Filesize
186B

MD5
bb4068e9bf513ca7ff70ea8777352db6

SHA1
2e60ad825689dbaf5ccc7e6aeafd18e93699147c

SHA256
c0b96f281df4c72fe5d4554c58f9dae0c76f3f4f6e07e486e1e5e658ab4bfd8c

SHA512
824caaac25de338660f8e8ebaf8aa022a51b5b845abd7e1e6392511e7da1c2c2d57beae07b5825f4794781dbb4d39f3b898eaf05ee515eb0090b6ae984929a84

Download Submit
/private/var/db/xar.toc.1HDkKh

Filesize
225KB

MD5
66101fb14b2fe3661a61df87dc4e17ab

SHA1
f487acda64647aa970c1a70169c59bf8b41591c4

SHA256
767f0739e8fbfd8ae29de8d1b48f052d647dd5d024d0ff85894ed65f965d3865

SHA512
f650a20ad6bb7a0f74a27b2c1d0d86a1d660731adc0d5b4e5f408383f25109edf33497b2ae58c88b7958df96d4a0f818b3a18573733be44d74eff8d2d396acaa

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads