4871312e6210af58d82e410c1adc21a6e912448e6b295472ce7e0b3ff3680e9a

Analysis

max time kernel
125s
max time network
144s
platform
macos-10.15_amd64
resource
macos-20231201-en
resource tags

arch:amd64arch:i386image:macos-20231201-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
10/01/2024, 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50f61fdffeaf5465e0e3b0a50ce7a9f4
Size

1.5MB
MD5

50f61fdffeaf5465e0e3b0a50ce7a9f4
SHA1

ee9beb17f11fd1c0de4df74abd8d0f272f89d17c
SHA256

4871312e6210af58d82e410c1adc21a6e912448e6b295472ce7e0b3ff3680e9a
SHA512

12c96c1b24a11595d899bae784cf18d68253f778bb5244f4b8ba567d2c39921eb6610122c4da01ff8c1bc99b97468768095c6e6aef97858014ab28d07a9465e4
SSDEEP

6144:TuqivoPFhVJCcwYJx8A4Jn4EvlasKKp8iBT7J6yy0LOn8EtpEcjpPMMDB7ijkBj:Cq4Cxad4urpll7Myz6n8EtpEw

Score

1^/10

Malware Config

Signatures

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:574

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:575

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/50f61fdffeaf5465e0e3b0a50ce7a9f4\""
1⤵
PID:576

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/50f61fdffeaf5465e0e3b0a50ce7a9f4\""
1⤵
PID:576

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/50f61fdffeaf5465e0e3b0a50ce7a9f4\""
1⤵
PID:576

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/50f61fdffeaf5465e0e3b0a50ce7a9f4
1⤵
PID:576

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/50f61fdffeaf5465e0e3b0a50ce7a9f4
1⤵
PID:576
- /bin/zsh
  /bin/zsh -c /Users/run/50f61fdffeaf5465e0e3b0a50ce7a9f4
  2⤵
  PID:578
- /bin/zsh
  /bin/zsh -c /Users/run/50f61fdffeaf5465e0e3b0a50ce7a9f4
  2⤵
  PID:578
- /Users/run/50f61fdffeaf5465e0e3b0a50ce7a9f4
  /Users/run/50f61fdffeaf5465e0e3b0a50ce7a9f4
  2⤵
  PID:578
- /Users/run/50f61fdffeaf5465e0e3b0a50ce7a9f4
  /Users/run/50f61fdffeaf5465e0e3b0a50ce7a9f4
  2⤵
  PID:578

/usr/libexec/dmd
/usr/libexec/dmd
1⤵
PID:566

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:580

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:580

/usr/libexec/xpcproxy
xpcproxy com.apple.PerfPowerServices
1⤵
PID:602

/usr/libexec/PerfPowerServices
/usr/libexec/PerfPowerServices
1⤵
PID:602

/usr/libexec/xpcproxy
xpcproxy com.apple.icloud.findmydeviced
1⤵
PID:610

/usr/libexec/findmydeviced
/usr/libexec/findmydeviced
1⤵
PID:610

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:614

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:614

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:616

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:616

/usr/libexec/xpcproxy
xpcproxy com.apple.secinitd
1⤵
PID:617

/usr/libexec/secinitd
/usr/libexec/secinitd
1⤵
PID:617

/usr/libexec/xpcproxy
xpcproxy com.apple.cfprefsd.xpc.agent
1⤵
PID:619

/usr/sbin/cfprefsd
/usr/sbin/cfprefsd agent
1⤵
PID:619

/usr/libexec/xpcproxy
xpcproxy com.apple.AddressBook.ContactsAccountsService
1⤵
PID:623

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
1⤵
PID:623

/usr/libexec/xpcproxy
xpcproxy com.apple.suggestd
1⤵
PID:627

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
1⤵
PID:627

/usr/libexec/xpcproxy
xpcproxy com.apple.knowledge-agent
1⤵
PID:630

/usr/libexec/knowledge-agent
/usr/libexec/knowledge-agent
1⤵
PID:630

/usr/libexec/xpcproxy
xpcproxy com.apple.routined
1⤵
PID:634

/usr/libexec/routined
/usr/libexec/routined LAUNCHED_BY_LAUNCHD
1⤵
PID:634

/usr/libexec/xpcproxy
xpcproxy com.apple.Maps.mapspushd
1⤵
PID:637

/System/Library/CoreServices/mapspushd
/System/Library/CoreServices/mapspushd
1⤵
PID:637

/usr/libexec/xpcproxy
xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
1⤵
PID:639

/usr/libexec/neagent
/usr/libexec/neagent
1⤵
PID:639

/usr/libexec/xpcproxy
xpcproxy com.apple.siri.context.service
1⤵
PID:642

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
1⤵
PID:642

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:645

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:645

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:656

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/ActiveTileGroup.pbd

Filesize
124KB

MD5
af5e23638fd145211c66deac4334c6ba

SHA1
27559659ee29a9873f5100c702cce114b2bee8db

SHA256
f9d7112223a626204c439d3dcdbc470d1c487d81b2adbfb4d5c42685672033a0

SHA512
542bff6cf3b50eda888c23d29eba88206fa9eb710b0dab102b79e491ecef88918754a5c5d1c38b03f94cfc86dde98f9f530b1c1f0574bc42a5bad84c734d874b

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/Default-18242.iconmappack

Filesize
141KB

MD5
b4c22a09fe2f31466efb161ecbe2b2c3

SHA1
aeecd74130ef2f9799e5b0baa95cdb71d54ce6c9

SHA256
4cf1086aee27b90f5b6e10f7dc7d3113845c1cb7efb844b4a0bb6990589607e2

SHA512
64162fd751a35d4868c4e0b358c7a4c687078dc43ce6abe6d043aa9d70881ee8273a89bc9a0faef0453c68b63699b0a66aa5dcec7e3d13a34e3f50011c723006

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/[email protected]

Filesize
141KB

MD5
45858a55c27b09a84895a274589742f8

SHA1
401e5fb105d818eb631e294d25c33b978ae58a42

SHA256
977f6a61e6caba111511db7a50f6a57ea094d644da3dc17669c02e6e5f780a8a

SHA512
7613625b022da7a03c3a650b12c77aa1d6d2e9113a42a0350539465853f2966c5ebd9be57f90d4162e35f8987dbfbe43e7c86ec0d7beb209bbbd55f51f2471be

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/[email protected]

Filesize
557KB

MD5
c612eeafe7d65893269b9b39f64cc2da

SHA1
b337aed83971aeccdf700982c3a3cb5aec92c1c5

SHA256
8900950d05fb0f2db3032ea7849f48c7655f210e666aec31d1913b14089733c6

SHA512
4c0c208d9ff3a12872d5c7e91819fe804b602e02bf822081fe975233f2c22b9a4776f309301487914945ab26536945a3659fccfccc5b2a01a453af63318132c6

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/Default_Icons-17136.iconconfigpack

Filesize
556KB

MD5
60a9b755ab271df605b8f2a0b26bcb1e

SHA1
2098fec72d912f48bf3bc51a186958c28dbe4cb8

SHA256
a67ff86f31c7254fb033c4263e864976902d7450c4b3b05228c331fad6ecb2c7

SHA512
837edbb92be079ec9c27015aac9dc1ccf76276983769c778846765ac675202eb35bc763070b8ac490e7e44d65299e0ff2832f2a2f89983e1c685e4d8a6ea6de9

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/Default_Shields-1671.iconconfigpack

Filesize
82KB

MD5
9563a30bbd5d0af6f826ac7a6f33cf74

SHA1
df5f46010618c73b1a2bf277b7ca2a0c6ee97e9c

SHA256
d8ae99aedff70b2d0382f393dca972e58f26a866e9c831e6b0ec6717eaf89fda

SHA512
f5bd911863ac95fe1fc89a951c2ffda27308bbb93e35c6ed9dbfb936370cae526e179af2a12417a41cab3a359cdc9f5fc48f735af77df12ef0e2acd28b69fe7d

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/ResourceManifest.pbd

Filesize
248KB

MD5
d132f99f7cafd02abe833498ba1c88ae

SHA1
1767849d124d382c8cd24f545a196195b37b897f

SHA256
7ee93ba8dfbdd51894ef34349a10435ed6b07a8d40b378f75e09bfdc7cab3616

SHA512
3d714acfded5347c1376e850ec661027c7d880e7f97683392a478aa19efdeb291ae4d8fa9fa81c5d4e13f074d0e2449adaa887a900cd3f888dbc124621bbf6d5

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/SearchAttribution.pbd

Filesize
63KB

MD5
33a00a086786f3e994f4ad4b86c40765

SHA1
193a75d34278e9f6ac3f9b1f3802ddb37740403b

SHA256
ec539aeb37c4450885e26992856004a924e5930bf73934a4799c1ebcebbdd664

SHA512
cf07f7171164eb63dcbf5d37273ab6c73f6132478e3a262fffaa1b4bee040ff11b0cb3f27bb46ae321c314978af3ca4df18f04e8ed9d84f881a1aa43deb4a495

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/altitude-1168.xml

Filesize
150KB

MD5
76ebb0196d42a294b69ef118cbb301d5

SHA1
61e5ab752d351af1661716bc48c0520f66cd1d1b

SHA256
aaa9febe98e3a75220b4933d1f00f2bef276183491e7d171fa54d03259812759

SHA512
8dde09d72944e8925c5bd64dc3799a44d7c30191d5038939a24f8a45ccf4d66b84990e8be3e0f2ee1d42d1dd6e5ed3673c39f803874fb0840a3232cc1e533663

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/com.apple.geo.analytic.12000

Filesize
544B

MD5
b1f32c73516d4f0017efab8ed44cc44e

SHA1
0cbeace2d4c138faab33adc524c83e33c8605d79

SHA256
07adb511cea5ba16a0340ab9cef626673c04becf9ab5e4f8e0613c4563d91b59

SHA512
abd3b2fd8e49eb8ef1bcdba713c8c27dbebd45bbb0ad11494119dccdcee02743c0a79f7f78c4fc1a41886a58f1554fa1b09674b79350f367b7c954c4ba8cdb10

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/default-search-4255.styl

Filesize
4KB

MD5
ecffd97aba0c34d35b1a9814925dce20

SHA1
955f9e12763a52a03e04d4ffd11aaef5d7f61c9e

SHA256
9a2a568c390dd2011a7f0caaba9137e97a08d418692ce937ea893d626144acf3

SHA512
0ab126628f62a7d2659e3848c619d42b57899ddefa96bd8687494f9e4c23cecad5d20c9e03f9c1c3976aae3395b521067bd94f18ab53710981bdf2770390afcb

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/[email protected]

Filesize
4KB

MD5
0772477173e9e34a7860141b6b18a084

SHA1
d28286b98e6d7de043466687dc609f2b5287560e

SHA256
6ac023973bc73d4e5a24982a8f7f0ed3c4b6b12b07d5bd432db87602128599e7

SHA512
6e467f22fc6607f8fb2cc23f90735e4ae4e0951a850ced6104052bc37d0554db50d3e58b5eabdbbd9978f90748d67d6a0fb1dc4e794ffc75284d133710a01618

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/publisher_attribution_dot_coms-78.pb

Filesize
21KB

MD5
df3e0dfd820521a756bbbc584f4bf1a9

SHA1
dccf82e2be348c406faf445309ed1669d7eab7f3

SHA256
7db626f6178f1a525616314cc8857e1f9729e20d4befc56fb1dee292495e557f

SHA512
c78a1aefbf1035140e69b8e5e5b6e3abf4826707091e6b774ca112e93707eeb091a90bb9f883ce613914b825f1931e7f08ec86ed72f3dad4f7a6b724b9f46946

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/publisher_attribution_manifest_index-65.pb

Filesize
2KB

MD5
ba4df8801bd4124f55bfe7c130477094

SHA1
2136b957456e5776e5d0b996fadc2978a2cd064d

SHA256
d51837f4ef49d5d2e24f675a5bfd9f8391581a435f8c193f91a8520fccb8361a

SHA512
795f14ee1b7fe8d89c21c8af4e358e95e2331d60250acf91998ff3fbe8ee8c2124b11cac909be603c549508917a1af56af9f0c9c0da11da119ecddc4d3a13c65

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/ActiveTileGroup.pbd

Filesize
124KB

MD5
ff8d4fa05e96c01968d702759c374683

SHA1
4f9f8e2556feffbfddccf38056c2494e67af9434

SHA256
d742cf9aad02b471344a8b91028a7503745b7a2d92548828ebf62cc796bd6d17

SHA512
58a33000b8192374eb7b84ef9ba90f8f08ba3ca0de6b1cf8c9d600c349030f184683108534c608e31dc61faa17af73c7db767ca80de2042179822c37b7649d8e

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/ResourceManifest.pbd

Filesize
248KB

MD5
451ada5c5c9c3516253b75cb2318f9fa

SHA1
41824c8864a0a225c33c9854dc7d0ccb7df755e0

SHA256
98ebeff18cc9b0bec2401e6016aa1939f118898b9d719c7f4e1bb2ae264d8553

SHA512
c86ec9598fcfa222364eb8dbbaaee7a04a8872e08b2bd5bed23b03e2dc6c1346007f09aa3307a90306e64ecab9bd504b59242216d0099d85a46c9d167c98136c

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/ResourceManifest.pbd

Filesize
248KB

MD5
cc03f9a09881cd8c85e4df19845e6de4

SHA1
fe3a2b3cddfb074434795667b1408741bdfcb50f

SHA256
157d313989ecb89f707059724e1dc413eaed3faf4eb6d182f43a85faf42ac1a3

SHA512
6e5048e9d8685cb6a85b57ce9ba2d085d9be157b04ac6eea0412e9f7d4bce1919d809845e7b3ddf265133f3f803f9e5cac4ebc51e96080ef63e1ee5a366d6681

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/SearchAttribution.pbd

Filesize
63KB

MD5
a940279d52e68923e401ece4ace3e4fa

SHA1
557b447510e737273cf02de08fcb56078f0628fb

SHA256
104a4a8b8e8d932eedd86afa77a39d4ca72415cb7c29b92806bc92c6d9da0187

SHA512
e8527bce70058f7491828c3832c98fd81dc6cf947e18e95fb96d8cc4a05d304b19861cb829f26baca797076e52f2f759c0088162da635db6af8a1a2d3be42085

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/SearchAttribution.pbd

Filesize
63KB

MD5
4114b9b81bd6dd328b4db0cf096e2154

SHA1
44252cb1359b6d13ce654d855f70eee130458e09

SHA256
8729c9e2e2ccc76f4672cec20f91a14e82db6c4f2a33805183d55cb123f8fdef

SHA512
b43a16dbb7010f0eafdbd7047ecd5d5e25ea00b7dca07e715a50df72bce6d3dfaa1549a818da9748767b9736395e11611f6ae0f8d745736962a98d1030b9cba2

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/com.apple.geo.analytic.12000

Filesize
569B

MD5
5c69f340b13e481944532cc9ddb0cdd0

SHA1
ad5a04abeee5cb68956a313d9a2ba5b1022f4326

SHA256
fdddfabb305ffd21d03b0b17fd764ac49bbf9eef94ce225d32288aaffc7f49a4

SHA512
fffba1010d93d56e2094bed367090a356ada10fabca9686889e3d47d4c1f0a0c8bedafc36808c98110a79a940a982dabb304a98b8f1380a7a9bcb5bd69ef1c23

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/T/com.apple.geod/TemporaryItems/(A Document Being Saved By com.apple.geod)/networkDefaults.plist

Filesize
6KB

MD5
2b0bc3d4b28b37889d09acc741f4ebae

SHA1
060af238652083cafa7c43d79ea457eed8570429

SHA256
145a9dba11445d7b6102cb19a70ef8540fd119930c9e6ef323db408e4f727575

SHA512
459ccf92572f8dc284f49460dcfd4f04611f7ec2a5f14446e37d15aa85cfb094b1d2b49ca2606cb771151926dc14bfdcfa6e13da5686d212fe05c4d8cad989c3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads