Resubmissions

16-01-2024 20:48

240116-zlfnwabcc6 3

16-01-2024 20:42

240116-zhex6sadbp 10

Analysis

  • max time kernel
    14s
  • max time network
    23s
  • platform
    macos-10.15_amd64
  • resource
    macos-20231201-en
  • resource tags
    arch:amd64, arch:i386, image:macos-20231201-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    16-01-2024 20:48

General

  • Target

    60d52e13d49f75155b26c170f5a2ec5f.exe

  • Size

    1.5MB

  • MD5

    60d52e13d49f75155b26c170f5a2ec5f

  • SHA1

    cf6a04d46a3408780e413c3d11dbea4c11571883

  • SHA256

    3bc711bf1d32038cdcbbc7ff61228d50e05612cc33a8dcb271d6202f90ae4c6e

  • SHA512

    ceca0427a8305f4f913d5c7dcc2bc11380cbbc7e49ff97e6fd501e82c8ade94e2e67f926f66ef12ef3dd882466a577fdb3d77e9b00a9c96968795cd05d7345e6

  • SSDEEP

    24576:Eg5soYT1zAoaJ2sw5TCVUPCSHmHscNLx07XiNkvV+yhYL0xs5yDxa5/AAp93Ru6:EgboUJwJCV4CSFcNLwyNQkyhYLQL1GH1

Score
1/10
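A caveat a practitioner should apply to this score: the target is named with a Windows `.exe` extension but was launched under `/bin/zsh` on macOS, and the report records no signatures, no network activity and no ATT&CK mapping. A low score on a platform that cannot execute the sample natively says nothing about the sample. The page does not show the file's actual format, so the following is an added example (not part of this report or of the sandbox's own code) that classifies a submission by its magic bytes and flags a platform mismatch; every header it inspects is constructed inline by the `make_*` helpers rather than taken from the submitted file.

```python
# Added example; not part of this report or the sandbox's own code.
# Classify a submitted file by its magic bytes and report which sandbox
# platform can execute it natively. All headers are constructed below.
import struct
from typing import Tuple

# COFF machine field -> architecture (subset of IMAGE_FILE_MACHINE_*)
PE_MACHINES = {0x014C: "x86", 0x8664: "x86-64", 0xAA64: "arm64"}

# Mach-O thin magics as they appear on disk (MH_MAGIC / MH_MAGIC_64, both byte orders)
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": "mach-o 32-bit (big-endian file)",
    b"\xce\xfa\xed\xfe": "mach-o 32-bit (little-endian file)",
    b"\xfe\xed\xfa\xcf": "mach-o 64-bit (big-endian file)",
    b"\xcf\xfa\xed\xfe": "mach-o 64-bit (little-endian file)",
}


def classify(data: bytes) -> Tuple[str, str]:
    """Return (format description, platform that can run it natively)."""
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            # e_lfanew at 0x3C points at the "PE\0\0" signature; the COFF
            # machine field follows immediately after it.
            e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
            if len(data) >= e_lfanew + 6 and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
                machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
                arch = PE_MACHINES.get(machine, "unknown(0x%04x)" % machine)
                return "PE/" + arch, "windows"
        return "MZ (DOS stub without PE header)", "windows"
    if data[:4] in MACHO_MAGICS:
        return MACHO_MAGICS[data[:4]], "macos"
    if data[:4] == b"\xca\xfe\xba\xbe" and len(data) >= 8:
        # FAT_MAGIC is stored big-endian and is shared with Java class files.
        # A fat header carries a small nfat_arch count here; a class file has
        # its minor/major version here, with major >= 45 (0x2D) for any Java.
        nfat = struct.unpack_from(">I", data, 4)[0]
        if 1 <= nfat <= 20:
            return "mach-o fat (%d arch)" % nfat, "macos"
        return "java class", "unsupported"
    if data[:4] == b"\x7fELF":
        return "ELF", "linux"
    if data[:2] == b"#!":
        return "script", "interpreter-dependent"
    return "unknown", "unsupported"


def platform_mismatch(data: bytes, ran_on: str) -> bool:
    """True when the sandbox platform cannot execute the sample natively,
    which makes a low score uninformative rather than reassuring."""
    _, native = classify(data)
    return native not in (ran_on, "interpreter-dependent")


def make_pe(machine: int) -> bytes:
    """Constructed minimal MZ header + PE signature + COFF machine field."""
    buf = bytearray(0x80)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)   # e_lfanew -> PE signature at 0x40
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x44, machine)
    return bytes(buf)


def make_macho64() -> bytes:
    """Constructed Mach-O 64-bit header (little-endian on disk), no load commands."""
    return b"\xcf\xfa\xed\xfe" + bytes(28)


if __name__ == "__main__":
    for name, blob in [("sample.exe", make_pe(0x8664)), ("sample.bin", make_macho64())]:
        fmt, native = classify(blob)
        print(name, fmt, "native:", native,
              "run on macos -> mismatch:", platform_mismatch(blob, "macos"))
```

Run `classify()` over the real submission before reading its score: if the bytes are a PE image, resubmit to a Windows image rather than treating the macOS 1/10 as a benign verdict; if they are Mach-O, the quiet macOS run is at least on the right platform and the empty Signatures and Network sections carry some weight.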

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --test-devid-status
    1⤵
      PID:518
  • /usr/bin/syslog
    /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
    1⤵
      PID:519
  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/60d52e13d49f75155b26c170f5a2ec5f.exe\""
    1⤵
      PID:520
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/60d52e13d49f75155b26c170f5a2ec5f.exe\""
    1⤵
      PID:520
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/60d52e13d49f75155b26c170f5a2ec5f.exe
    1⤵
      PID:520
    • /bin/zsh
      /bin/zsh -c /Users/run/60d52e13d49f75155b26c170f5a2ec5f.exe
      2⤵
        PID:521
    • /Users/run/60d52e13d49f75155b26c170f5a2ec5f.exe
      /Users/run/60d52e13d49f75155b26c170f5a2ec5f.exe
      2⤵
        PID:521
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.audio.systemsoundserverd
    1⤵
      PID:544
  • /usr/sbin/systemsoundserverd
    /usr/sbin/systemsoundserverd
    1⤵
      PID:544
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.pbs
    1⤵
      PID:545
  • /System/Library/CoreServices/pbs
    /System/Library/CoreServices/pbs
    1⤵
      PID:545
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.audio.AudioComponentRegistrar
    1⤵
      PID:546
  • /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
    /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
    1⤵
      PID:546

Network

MITRE ATT&CK Matrix

Downloads

  • /Users/run/Library/Caches/.dat.nosync0221.jDqo4p

    Filesize

    12KB

    MD5

    a1ea0058dec731563822a1920fed15f3

    SHA1

    1d06b748a7ba89e1b5e74168bbcb5fa0bb51396d

    SHA256

    f4b26aa4cc07e68a3780ac705d0d063265983585c596c3e77e922eabd9dc7401

    SHA512

    6ff8273fa85f2689ff28acbb8870cf2d2e6c9e7879e240e6bfe1ff2949a02e73e9ba164c6661ccab89b23bc750e4d705ccb52aa781f4b8c188178489dedd760b