Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    macos-10.15_amd64
  • resource
    macos-20231201-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20231201-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    30-12-2023 22:57

General

  • Target

    1f293e8145dc2624b775a0cbc4d5ce88

  • Size

    420KB

  • MD5

    1f293e8145dc2624b775a0cbc4d5ce88

  • SHA1

    04134e418aedb0a22ba1e76121cfdf0bafb0684c

  • SHA256

    6234da2f095f1f2bce75d3d2b0aeeb7a1bd525be6d454e78108ba5d8ce9703f8

  • SHA512

    0634028e4a8454347f915821497afd1880aab344c5990898f08c3554caa3f60131bf9e19b1d96c7130c6626726c69c40f24614b1ad85356afa7aba6dfec70621

  • SSDEEP

    6144:mh71BaCiwGhBJUWXMbyCrRSXLAfKN+tltHDnK09psmmefrbMMNs0ijkBL:61ohBJUW+tIX/+LtHDnK0AI

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --status
    1⤵
      PID:510
  • /usr/sbin/spctl
    /usr/sbin/spctl --test-devid-status
    1⤵
      PID:511
  • /usr/bin/syslog
    /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
    1⤵
      PID:512
  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/1f293e8145dc2624b775a0cbc4d5ce88\""
    1⤵
      PID:513
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/1f293e8145dc2624b775a0cbc4d5ce88\""
    1⤵
      PID:513
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/1f293e8145dc2624b775a0cbc4d5ce88\""
    1⤵
      PID:513
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/1f293e8145dc2624b775a0cbc4d5ce88
    1⤵
      PID:513
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/1f293e8145dc2624b775a0cbc4d5ce88
    1⤵
      PID:513
    • /bin/zsh
      /bin/zsh -c /Users/run/1f293e8145dc2624b775a0cbc4d5ce88
      2⤵
        PID:514
    • /bin/zsh
      /bin/zsh -c /Users/run/1f293e8145dc2624b775a0cbc4d5ce88
      2⤵
        PID:514
    • /Users/run/1f293e8145dc2624b775a0cbc4d5ce88
      /Users/run/1f293e8145dc2624b775a0cbc4d5ce88
      2⤵
        PID:514
    • /Users/run/1f293e8145dc2624b775a0cbc4d5ce88
      /Users/run/1f293e8145dc2624b775a0cbc4d5ce88
      2⤵
        PID:514
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
    1⤵
      PID:559
  • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
    /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
    1⤵
      PID:559

Network

MITRE ATT&CK Matrix
