Overview

overview

1

Static

static

1

3ea30e034a...cc.bin

macos-10.15-amd64

1

NeatDownlo...anager

macos-10.15-amd64

1

NeatDownlo...ension

macos-10.15-amd64

1

NeatDownlo.../bg.js

windows7-x64

1

NeatDownlo.../bg.js

windows10-2004-x64

1

NeatDownlo.../ct.js

windows7-x64

1

NeatDownlo.../ct.js

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    156s
  • platform
    macos-10.15_amd64
  • resource
    macos-20231201-en
  • resource tags

    arch:amd64arch:i386image:macos-20231201-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    29-12-2023 01:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NeatDownloadManager.app/Contents/PlugIns/NeatDownloadManager Extension.appex/Contents/MacOS/NeatDownloadManager Extension

  • Size

    148KB

  • MD5

    3c0545f81a6efddf3a93bbe61a5c3534

  • SHA1

    06c20735f7630880fe5a5720850cd554cac731ee

  • SHA256

    8f650f8e3f446682298dfe2bb7cca3a6250d8822b3f25896e8c485740ada9e86

  • SHA512

    29bbf02c3622bcde6318e6b2e44644d51d34b32112ce5f7088295dcb8f68c36dac2d09643e54d10162b3010b02faa4ad9e9bc90d56c76161bca024bc5f1f2728

  • SSDEEP

    384:DcVTazc+802/ySr+Q8Yr+rr4Tjr8ZJrNab8erYJDg6+p1XFIEr+Q8Yr2r6r6pIr5:DctazcF02/Z8eO3ab8DJsvpxFN8aab8

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/NeatDownloadManager.app/Contents/PlugIns/NeatDownloadManager Extension.appex/Contents/MacOS/NeatDownloadManager Extension\""
    1⤵
      PID:520
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/NeatDownloadManager.app/Contents/PlugIns/NeatDownloadManager Extension.appex/Contents/MacOS/NeatDownloadManager Extension\""
      1⤵
        PID:520
      • /bin/bash
        sh -c "sudo /bin/zsh -c \"/Users/run/NeatDownloadManager.app/Contents/PlugIns/NeatDownloadManager Extension.appex/Contents/MacOS/NeatDownloadManager Extension\""
        1⤵
          PID:520
        • /usr/bin/sudo
          sudo /bin/zsh -c "/Users/run/NeatDownloadManager.app/Contents/PlugIns/NeatDownloadManager Extension.appex/Contents/MacOS/NeatDownloadManager Extension"
          1⤵
            PID:520
          • /usr/bin/sudo
            sudo /bin/zsh -c "/Users/run/NeatDownloadManager.app/Contents/PlugIns/NeatDownloadManager Extension.appex/Contents/MacOS/NeatDownloadManager Extension"
            1⤵
              PID:520
              • /bin/zsh
                /bin/zsh -c "/Users/run/NeatDownloadManager.app/Contents/PlugIns/NeatDownloadManager Extension.appex/Contents/MacOS/NeatDownloadManager Extension"
                2⤵
                  PID:521
                • /bin/zsh
                  /bin/zsh -c "/Users/run/NeatDownloadManager.app/Contents/PlugIns/NeatDownloadManager Extension.appex/Contents/MacOS/NeatDownloadManager Extension"
                  2⤵
                    PID:521
                  • /Users/run/NeatDownloadManager.app/Contents/PlugIns/NeatDownloadManager
                    /Users/run/NeatDownloadManager.app/Contents/PlugIns/NeatDownloadManager Extension.appex/Contents/MacOS/NeatDownloadManager Extension
                    2⤵
                      PID:521
                    • /Users/run/NeatDownloadManager.app/Contents/PlugIns/NeatDownloadManager
                      /Users/run/NeatDownloadManager.app/Contents/PlugIns/NeatDownloadManager Extension.appex/Contents/MacOS/NeatDownloadManager Extension
                      2⤵
                        PID:521
                    • /usr/libexec/xpcproxy
                      xpcproxy com.apple.audio.systemsoundserverd
                      1⤵
                        PID:524
                      • /usr/sbin/systemsoundserverd
                        /usr/sbin/systemsoundserverd
                        1⤵
                          PID:524
                        • /usr/libexec/xpcproxy
                          xpcproxy com.apple.pbs
                          1⤵
                            PID:525
                          • /System/Library/CoreServices/pbs
                            /System/Library/CoreServices/pbs
                            1⤵
                              PID:525
                            • /usr/libexec/xpcproxy
                              xpcproxy com.apple.audio.AudioComponentRegistrar
                              1⤵
                                PID:526
                              • /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
                                /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
                                1⤵
                                  PID:526

                                Network

                                MITRE ATT&CK Matrix

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • /Users/run/Library/Caches/.dat.nosync020d.PhsCwr
                                  Filesize

                                  12KB

                                  MD5

                                  6aa30bd0acbe500b4f5fb5f98dea2a07

                                  SHA1

                                  16832dc1e19ea39092d1a85167bfc5c7b759bcc6

                                  SHA256

                                  49a8cea657df0fccdbb58e5bb16d98a789c374f1a72033e839ef2e03cc356429

                                  SHA512

                                  589c127df83b8d744a4a497af2cfa48615e897694f27f5875fda692a73a3b370547fd188129974106ebd9a320c8260e9a41ff86417273d8d327f8775db6d9d1f

                                  Download Submit