f85ba13b1d04823edcf037d4a4131aa6c9cad75b2970d3156d67f5284663788d

Analysis

max time kernel
353s
max time network
607s
platform
macos-10.15_amd64
resource
macos-20231201-en
resource tags

arch:amd64arch:i386image:macos-20231201-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
02/01/2024, 15:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Ghost Buster Pro 2.4.3 MAS/.background/bg.png:com.apple.quarantine
Size

22B
MD5

5ddf174686650e468949ffbd37da2375
SHA1

f066f2210fa52581c6b3977096d0add2eac87614
SHA256

028bbbaa4e930a80e219115e7d36233868f128d3fed2c5c8c3b8ffbbb408fbd2
SHA512

71663216854a30de892a4f9150cbef9890c1e773b66dcdb91d5f0f69a3be2762d89d6da67bc84cd03c4e348dbad79da332330e008d532276bfd19634df87b854

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Ghost Buster Pro 2.4.3 MAS/.background/bg.png:com.apple.quarantine\""
1⤵
PID:521

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Ghost Buster Pro 2.4.3 MAS/.background/bg.png:com.apple.quarantine\""
1⤵
PID:521

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Ghost Buster Pro 2.4.3 MAS/.background/bg.png:com.apple.quarantine\""
1⤵
PID:521

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/Ghost Buster Pro 2.4.3 MAS/.background/bg.png:com.apple.quarantine"
1⤵
PID:521

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/Ghost Buster Pro 2.4.3 MAS/.background/bg.png:com.apple.quarantine"
1⤵
PID:521
- /bin/zsh
  /bin/zsh -c "/Users/run/Ghost Buster Pro 2.4.3 MAS/.background/bg.png:com.apple.quarantine"
  2⤵
  PID:522
- /bin/zsh
  /bin/zsh -c "/Users/run/Ghost Buster Pro 2.4.3 MAS/.background/bg.png:com.apple.quarantine"
  2⤵
  PID:522
- /Users/run/Ghost
  /Users/run/Ghost Buster Pro 2.4.3 MAS/.background/bg.png:com.apple.quarantine
  2⤵
  PID:522
- /Users/run/Ghost
  /Users/run/Ghost Buster Pro 2.4.3 MAS/.background/bg.png:com.apple.quarantine
  2⤵
  PID:522

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.systemsoundserverd
1⤵
PID:524

/usr/sbin/systemsoundserverd
/usr/sbin/systemsoundserverd
1⤵
PID:524

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:525

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:525

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:526

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:526

/usr/libexec/xpcproxy
xpcproxy com.apple.newsyslog
1⤵
PID:564

/usr/sbin/newsyslog
/usr/sbin/newsyslog
1⤵
PID:564

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:575

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:576

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:576

/usr/libexec/xpcproxy
xpcproxy com.apple.CoreAuthentication.agent
1⤵
PID:578

/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
1⤵
PID:578

/usr/libexec/xpcproxy
xpcproxy com.apple.diagnosticd
1⤵
PID:579

/usr/libexec/diagnosticd
/usr/libexec/diagnosticd
1⤵
PID:579

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Caches/.dat.nosync020d.C5XQbQ

Filesize
12KB

MD5
172a451f16f83620559b25b02bebcef7

SHA1
3f32ef220cc130ac5250bff5ef9e8d55dd12c0af

SHA256
cc9e535df88197c2650e99a5d6c0e0552a64b705a9e595a111ebbd15d44f346d

SHA512
81f33ddb81409a2953229cf8cd8ab14219431102ac27f22c9f097f437ad6c50cf8d7c8e6023bb679b0b4475cc71a22bbf3600a9554d4f869d99e65af67816b98

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads