Overview

overview

6

Static

static

6

Ghost_Bust...NT.dmg

macos-10.15-amd64

Ghost Bust..._store

macos-10.15-amd64

1

Ghost Bust...n.icns

macos-10.15-amd64

1

Ghost Bust...ate#ps

macos-10.15-amd64

1

Ghost Bust...e.macl

macos-10.15-amd64

1

Ghost Bust...antine

macos-10.15-amd64

1

Ghost Bust...bg.png

macos-10.15-amd64

1

Ghost Bust...ate#ps

macos-10.15-amd64

1

Ghost Bust...e.macl

macos-10.15-amd64

1

Ghost Bust...ertags

macos-10.15-amd64

1

Ghost Bust...antine

macos-10.15-amd64

1

Ghost Bust...lp.txt

macos-10.15-amd64

1

Ghost Bust...b7ynxa

macos-10.15-amd64

Ghost Bust...t:rsrc

macos-10.15-amd64

1

Ghost Bust...T].dmg

macos-10.15-amd64

1

Ghost Bust..._store

macos-10.15-amd64

1

Ghost Bust...kgInfo

macos-10.15-amd64

1

Ghost Bust...n.icns

macos-10.15-amd64

1

Ghost Bust...ts.car

macos-10.15-amd64

1

Ghost Bust...fo.xml

macos-10.15-amd64

1

Ghost Bust...trings

macos-10.15-amd64

1

Ghost Bust...trings

macos-10.15-amd64

1

Ghost Bust...s.json

macos-10.15-amd64

1

Ghost Bust...fo.xml

macos-10.15-amd64

1

Ghost Bust...trings

macos-10.15-amd64

1

Ghost Bust...trings

macos-10.15-amd64

1

Ghost Bust...trings

macos-10.15-amd64

1

Ghost Bust...trings

macos-10.15-amd64

1

Ghost Bust...ate#ps

macos-10.15-amd64

1

Ghost Bust...hgz4we

macos-10.15-amd64

1

Ghost Bust...y:rsrc

macos-10.15-amd64

1

Analysis

  • max time kernel
    189s
  • max time network
    214s
  • platform
    macos-10.15_amd64
  • resource
    macos-20231201-en
  • resource tags

    arch:amd64arch:i386image:macos-20231201-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    02/01/2024, 15:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Ghost Buster Pro 2.4.3 MAS/.VolumeIcon.icns

  • Size

    376KB

  • MD5

    61f79527e373ea03ca7728d05abcbd40

  • SHA1

    54497b3361d9cc88fdf5a84fa4319cdd89bf7cf4

  • SHA256

    f0167881a1b0af33217816ca50d48345b2767bf60c9ca38826e2d8fecf9cce94

  • SHA512

    68945ecd528a4f02949a244d5777c0eef92aca646a603a4ff509f755fb099c9ea151db78532f697d140315a62ab2e79b921b286115e2249a7bfe40cb8fd235c7

  • SSDEEP

    6144:lFXa4RoBgHi5NMjukHi1nMhae0QnPHRkeTcDjT+rF9bPDppHFsrf1AnNyP:lQBdMqkHi1nMMnLD0tPDPHyrf1IN

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --status
    1⤵
      PID:517
    • /usr/sbin/spctl
      /usr/sbin/spctl --test-devid-status
      1⤵
        PID:518
      • /usr/bin/syslog
        /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
        1⤵
          PID:519
        • /bin/sh
          sh -c "sudo /bin/zsh -c \"/Users/run/Ghost Buster Pro 2.4.3 MAS/.VolumeIcon.icns\""
          1⤵
            PID:520
          • /bin/bash
            sh -c "sudo /bin/zsh -c \"/Users/run/Ghost Buster Pro 2.4.3 MAS/.VolumeIcon.icns\""
            1⤵
              PID:520
            • /bin/bash
              sh -c "sudo /bin/zsh -c \"/Users/run/Ghost Buster Pro 2.4.3 MAS/.VolumeIcon.icns\""
              1⤵
                PID:520
              • /usr/bin/sudo
                sudo /bin/zsh -c "/Users/run/Ghost Buster Pro 2.4.3 MAS/.VolumeIcon.icns"
                1⤵
                  PID:520
                • /usr/bin/sudo
                  sudo /bin/zsh -c "/Users/run/Ghost Buster Pro 2.4.3 MAS/.VolumeIcon.icns"
                  1⤵
                    PID:520
                    • /bin/zsh
                      /bin/zsh -c "/Users/run/Ghost Buster Pro 2.4.3 MAS/.VolumeIcon.icns"
                      2⤵
                        PID:521
                      • /bin/zsh
                        /bin/zsh -c "/Users/run/Ghost Buster Pro 2.4.3 MAS/.VolumeIcon.icns"
                        2⤵
                          PID:521
                        • /Users/run/Ghost
                          /Users/run/Ghost Buster Pro 2.4.3 MAS/.VolumeIcon.icns
                          2⤵
                            PID:521
                          • /Users/run/Ghost
                            /Users/run/Ghost Buster Pro 2.4.3 MAS/.VolumeIcon.icns
                            2⤵
                              PID:521
                          • /usr/libexec/xpcproxy
                            xpcproxy com.apple.audio.systemsoundserverd
                            1⤵
                              PID:523
                            • /usr/sbin/systemsoundserverd
                              /usr/sbin/systemsoundserverd
                              1⤵
                                PID:523
                              • /usr/libexec/xpcproxy
                                xpcproxy com.apple.pbs
                                1⤵
                                  PID:524
                                • /System/Library/CoreServices/pbs
                                  /System/Library/CoreServices/pbs
                                  1⤵
                                    PID:524
                                  • /usr/libexec/xpcproxy
                                    xpcproxy com.apple.audio.AudioComponentRegistrar
                                    1⤵
                                      PID:525
                                    • /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
                                      /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
                                      1⤵
                                        PID:525
                                      • /usr/libexec/xpcproxy
                                        xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
                                        1⤵
                                          PID:564
                                        • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                                          /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                                          1⤵
                                            PID:564
                                          • /usr/libexec/xpcproxy
                                            xpcproxy com.apple.spindump
                                            1⤵
                                              PID:572
                                            • /usr/sbin/spindump
                                              /usr/sbin/spindump
                                              1⤵
                                                PID:572

                                              Network

                                                    MITRE ATT&CK Matrix

                                                    Replay Monitor

                                                    Loading Replay Monitor...

                                                    Downloads

                                                    • /Users/run/Library/Caches/.dat.nosync020c.oCO5sR
                                                      Filesize

                                                      12KB

                                                      MD5

                                                      f10b712f9960f383472ca135008da055

                                                      SHA1

                                                      adffe39d0bc6bbd078e5d0386b2774cc1948d6a9

                                                      SHA256

                                                      3ece27b23c6870d154ec00b86bd26fbe23a421e19d7d141064b20cb35b576200

                                                      SHA512

                                                      5041fff4c030d9231be8394fe578965bc59219dfad1a5103c3f705f072914f3b8f9d761bee6df0d3cc7d37aa60bf6a6c53129d0e2de9cf194666a91b2aea2f32

                                                      Download Submit