2227af2b3c4b388ef4608bdfefa758843a51972f40ce0c081a68b15cbc2297a4

Resubmissions

11/01/2024, 03:06 UTC

240111-dlzwvsdddk 1

11/01/2024, 02:43 UTC

240111-c7j7vsdaej 1

Analysis

max time kernel
84s
max time network
154s
platform
macos-10.15_amd64
resource
macos-20231201-en
resource tags

arch:amd64arch:i386image:macos-20231201-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
11/01/2024, 02:43 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Design Your Collage 1.1.1 MAS + In-App/Design Your Collage.app/Contents/Frameworks/libswiftMetal.dylib
Size

83KB
MD5

4e188f4ed043f7a49132b83f541bd5af
SHA1

6d4ea6ddd917b43b498a1881624fe1a58f3a8336
SHA256

f1ca296e5f4dea02379c99145f15fa33c6c02fbdf150eb631b537115ad6e6dec
SHA512

c3e11892285b507fbbcf0286092c104e7d8b81d168f39603d3b7c6924451cea00aae8d31369c29eb096da269222c26812048e22e5ca403fa06636ca1d3a53f26
SSDEEP

768:/LSjr+chkNwxGlsMg/Knbekt+9PPGFP2+iGT:+jrDkNwxGlsMgybekt+9PWu+iGT

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Design Your Collage 1.1.1 MAS + In-App/Design Your Collage.app/Contents/Frameworks/libswiftMetal.dylib\""
1⤵
PID:517

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Design Your Collage 1.1.1 MAS + In-App/Design Your Collage.app/Contents/Frameworks/libswiftMetal.dylib\""
1⤵
PID:517

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Design Your Collage 1.1.1 MAS + In-App/Design Your Collage.app/Contents/Frameworks/libswiftMetal.dylib\""
1⤵
PID:517

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/Design Your Collage 1.1.1 MAS + In-App/Design Your Collage.app/Contents/Frameworks/libswiftMetal.dylib"
1⤵
PID:517

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/Design Your Collage 1.1.1 MAS + In-App/Design Your Collage.app/Contents/Frameworks/libswiftMetal.dylib"
1⤵
PID:517
- /bin/zsh
  /bin/zsh -c "/Users/run/Design Your Collage 1.1.1 MAS + In-App/Design Your Collage.app/Contents/Frameworks/libswiftMetal.dylib"
  2⤵
  PID:534
- /bin/zsh
  /bin/zsh -c "/Users/run/Design Your Collage 1.1.1 MAS + In-App/Design Your Collage.app/Contents/Frameworks/libswiftMetal.dylib"
  2⤵
  PID:534
- /Users/run/Design
  /Users/run/Design Your Collage 1.1.1 MAS + In-App/Design Your Collage.app/Contents/Frameworks/libswiftMetal.dylib
  2⤵
  PID:534
- /Users/run/Design
  /Users/run/Design Your Collage 1.1.1 MAS + In-App/Design Your Collage.app/Contents/Frameworks/libswiftMetal.dylib
  2⤵
  PID:534

/usr/libexec/xpcproxy
xpcproxy com.apple.secinitd
1⤵
PID:533

/usr/libexec/secinitd
/usr/libexec/secinitd
1⤵
PID:533

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:535

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:535

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.systemsoundserverd
1⤵
PID:539

/usr/sbin/systemsoundserverd
/usr/sbin/systemsoundserverd
1⤵
PID:539

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:540

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:540

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:541

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:541

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:569

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:569

Network

DNS

16.courier-push-apple.com.akadns.net

Remote address:

8.8.8.8:53

Request

16.courier-push-apple.com.akadns.net

IN A

Response

16.courier-push-apple.com.akadns.net

IN CNAME

gb-courier-4.push-apple.com.akadns.net

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.153

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.152

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.154

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.150

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.155

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.151
DNS

e673.dsce9.akamaiedge.net

Remote address:

8.8.8.8:53

Request

e673.dsce9.akamaiedge.net

IN A

Response

e673.dsce9.akamaiedge.net

IN A

95.100.244.21
DNS

16.courier-push-apple.com.akadns.net

Remote address:

8.8.8.8:53

Request

16.courier-push-apple.com.akadns.net

IN A

Response

16.courier-push-apple.com.akadns.net

IN CNAME

gb-courier-4.push-apple.com.akadns.net

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.151

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.154

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.155

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.150

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.152

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.153
DNS

3-courier.push.apple.com

Remote address:

8.8.8.8:53

Request

3-courier.push.apple.com

IN A

Response

3-courier.push.apple.com

IN CNAME

3.courier-push-apple.com.akadns.net

3.courier-push-apple.com.akadns.net

IN CNAME

gb-courier-4.push-apple.com.akadns.net

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.87

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.86

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.88
DNS

23-courier.push.apple.com

Remote address:

8.8.8.8:53

Request

23-courier.push.apple.com

IN A

Response

23-courier.push.apple.com

IN CNAME

23.courier-push-apple.com.akadns.net

23.courier-push-apple.com.akadns.net

IN CNAME

gb-courier-4.push-apple.com.akadns.net

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.13

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.7

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.10

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.8

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.9

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.12

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.11
DNS

17.courier-push-apple.com.akadns.net

Remote address:

8.8.8.8:53

Request

17.courier-push-apple.com.akadns.net

IN A

Response

17.courier-push-apple.com.akadns.net

IN CNAME

gb-courier-4.push-apple.com.akadns.net

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.9

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.10

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.12

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.7

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.13

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.11

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.8
DNS

15.courier-push-apple.com.akadns.net

Remote address:

8.8.8.8:53

Request

15.courier-push-apple.com.akadns.net

IN A

Response

15.courier-push-apple.com.akadns.net

IN CNAME

gb-courier-4.push-apple.com.akadns.net

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.12

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.11

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.13

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.7

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.8

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.10

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.9
DNS

1.courier-push-apple.com.akadns.net

Remote address:

8.8.8.8:53

Request

1.courier-push-apple.com.akadns.net

IN A

Response

1.courier-push-apple.com.akadns.net

IN CNAME

gb-courier-4.push-apple.com.akadns.net

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.9

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.8

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.10

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.13

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.7

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.12

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.11
DNS

40-courier.push.apple.com

Remote address:

8.8.8.8:53

Request

40-courier.push.apple.com

IN A

Response

40-courier.push.apple.com

IN CNAME

40.courier-push-apple.com.akadns.net

40.courier-push-apple.com.akadns.net

IN CNAME

gb-courier-4.push-apple.com.akadns.net

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.152

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.154

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.150

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.153

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.155

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.151
DNS

40-courier.push.apple.com

Remote address:

8.8.8.8:53

Request

40-courier.push.apple.com

IN A
DNS

40-courier.push.apple.com

Remote address:

8.8.8.8:53

Request

40-courier.push.apple.com

IN A
DNS

0.courier-push-apple.com.akadns.net

Remote address:

8.8.8.8:53

Request

0.courier-push-apple.com.akadns.net

IN A

Response

0.courier-push-apple.com.akadns.net

IN CNAME

gb-courier-4.push-apple.com.akadns.net

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.87

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.86

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.88
DNS

0.courier-push-apple.com.akadns.net

Remote address:

8.8.8.8:53

Request

0.courier-push-apple.com.akadns.net

IN A

17.57.146.42:5223

144 B
120 B
3
2
20.189.173.2:443

tls, https

1.8kB
16
17.248.236.65:443

tls, https

128 B
40 B
2
1
17.57.146.86:5223

3-courier.push.apple.com

64 B
1
17.57.146.88:5223

3-courier.push.apple.com

144 B
120 B
3
2
17.57.146.7:5223

23-courier.push.apple.com

104 B
60 B
2
1
17.57.146.10:5223

23-courier.push.apple.com

64 B
1
17.57.146.154:5223

40-courier.push.apple.com

64 B
1
17.57.146.150:5223

40-courier.push.apple.com

64 B
1
17.57.146.42:5223

104 B
60 B
2
1

8.8.8.8:53

16.courier-push-apple.com.akadns.net

dns

82 B
216 B
1
1

DNS Request

16.courier-push-apple.com.akadns.net

DNS Response

17.57.146.153

17.57.146.152

17.57.146.154

17.57.146.150

17.57.146.155

17.57.146.151
8.8.8.8:53

e673.dsce9.akamaiedge.net

dns

71 B
87 B
1
1

DNS Request

e673.dsce9.akamaiedge.net

DNS Response

95.100.244.21
8.8.8.8:53

16.courier-push-apple.com.akadns.net

dns

82 B
216 B
1
1

DNS Request

16.courier-push-apple.com.akadns.net

DNS Response

17.57.146.151

17.57.146.154

17.57.146.155

17.57.146.150

17.57.146.152

17.57.146.153
8.8.8.8:53

3-courier.push.apple.com

dns

70 B
205 B
1
1

DNS Request

3-courier.push.apple.com

DNS Response

17.57.146.87

17.57.146.86

17.57.146.88
8.8.8.8:53

23-courier.push.apple.com

dns

71 B
271 B
1
1

DNS Request

23-courier.push.apple.com

DNS Response

17.57.146.13

17.57.146.7

17.57.146.10

17.57.146.8

17.57.146.9

17.57.146.12

17.57.146.11
8.8.8.8:53

17.courier-push-apple.com.akadns.net

dns

82 B
232 B
1
1

DNS Request

17.courier-push-apple.com.akadns.net

DNS Response

17.57.146.9

17.57.146.10

17.57.146.12

17.57.146.7

17.57.146.13

17.57.146.11

17.57.146.8
8.8.8.8:53

15.courier-push-apple.com.akadns.net

dns

82 B
232 B
1
1

DNS Request

15.courier-push-apple.com.akadns.net

DNS Response

17.57.146.12

17.57.146.11

17.57.146.13

17.57.146.7

17.57.146.8

17.57.146.10

17.57.146.9
8.8.8.8:53

1.courier-push-apple.com.akadns.net

dns

81 B
231 B
1
1

DNS Request

1.courier-push-apple.com.akadns.net

DNS Response

17.57.146.9

17.57.146.8

17.57.146.10

17.57.146.13

17.57.146.7

17.57.146.12

17.57.146.11
8.8.8.8:53

40-courier.push.apple.com

dns

213 B
255 B
3
1

DNS Request

40-courier.push.apple.com

DNS Request

40-courier.push.apple.com

DNS Request

40-courier.push.apple.com

DNS Response

17.57.146.152

17.57.146.154

17.57.146.150

17.57.146.153

17.57.146.155

17.57.146.151
224.0.0.251:5353

332 B
1
8.8.8.8:53

0.courier-push-apple.com.akadns.net

dns

162 B
167 B
2
1

DNS Request

0.courier-push-apple.com.akadns.net

DNS Request

0.courier-push-apple.com.akadns.net

DNS Response

17.57.146.87

17.57.146.86

17.57.146.88

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Caches/.dat.nosync021c.Fms2lH

Filesize
12KB

MD5
f7a53859066e5d87116e3377ef7e74a3

SHA1
9819539e51c50a61c5761f4f7aa10e51d15cbb7c

SHA256
fb10db2add37b21c0a42fddb4b1a0d5fa5097602d37dda5eb92ff828dcaec474

SHA512
882a7992f88d5aeab62cdbc83f017970238b9baf5b69c7c7731b958651dc7e9b58307b7d734d25f047e42021ef890a19e263a0db6843b8ef48284aeace287ae0

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.