789e5fcb242ee1fab8ed39e677d1bf26c7ce275ae38de5a63b4d902c58e512ec | Triage

Submit
Reports

Overview

overview

Static

static

node

macos-10.15-amd64

1

Analysis

max time kernel
141s
max time network
146s
platform
macos-10.15_amd64
resource
macos-20231201-en
resource tags

arch:amd64arch:i386image:macos-20231201-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
26/12/2023, 08:23

Sharing

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

node

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

node
Size

15.3MB
MD5

109dfbd83b25493fcbd18c6ff4e54c1d
SHA1

6864d6f8b2ed2a18db226ebd853afd093f85b9c2
SHA256

789e5fcb242ee1fab8ed39e677d1bf26c7ce275ae38de5a63b4d902c58e512ec
SHA512

64168380077e6e4913256ccb1698f8f6746003514d576ae7f57b45ec4cb7f4190fa3ab74e02a5936a67353c553a4f4499c8b117c57a8caf2d50bef1fb4466ff6
SSDEEP

98304:vPYBqyOzDtyBElpHDot+a5t2Ge+7fdTf6cEbKqgSBDn5MbPfhu:vPYQYBYot+a5tZpzRfothBNM0

Score

1^/10

Malware Config

Signatures

Processes

/usr/sbin/spctl
/usr/sbin/spctl --status
1⤵
PID:517

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:518

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:519

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/node\""
1⤵
PID:520

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/node\""
1⤵
PID:520

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/node\""
1⤵
PID:520

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/node
1⤵
PID:520

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/node
1⤵
PID:520
- /bin/zsh
  /bin/zsh -c /Users/run/node
  2⤵
  PID:521
- /bin/zsh
  /bin/zsh -c /Users/run/node
  2⤵
  PID:521
- /Users/run/node
  /Users/run/node
  2⤵
  PID:521
- /Users/run/node
  /Users/run/node
  2⤵
  PID:521
- - /Users/run/node
    /Users/run/node
    3⤵
    PID:522
- - /Users/run/node
    /Users/run/node
    3⤵
    PID:522
  - - /usr/sbin/scutil
      scutil --proxy
      4⤵
      PID:523
  - - /usr/sbin/scutil
      scutil --proxy
      4⤵
      PID:523
  - - /usr/sbin/scutil
      scutil --proxy
      4⤵
      PID:561
  - - /usr/sbin/scutil
      scutil --proxy
      4⤵
      PID:561

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.systemsoundserverd
1⤵
PID:545

/usr/sbin/systemsoundserverd
/usr/sbin/systemsoundserverd
1⤵
PID:545

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:546

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:546

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:547

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:547

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:565

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:565

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Caches/.dat.nosync0222.4Ih3Do

Filesize
12KB

MD5
62ea940afb35facd6b5f029304b96d56

SHA1
2b0cbdbe501322c7dc3ec53d4790ff069ebc62b7

SHA256
c59d77d1081a7502852404fb1588b240e7c651961dd54fe69160d76dd83f1ecf

SHA512
032c643bb9f227519066305d2b5e366b87e05e82115cf02d39c35de3282315b27b644fa640924679f5ae680fc1bcbb13a447ebece104038deb41947bcd902861

Download Submit

© 2018-2025

Terms | Privacy