shlayer | 852ff1b97c1155fc28b14f5633a17de02dcace17bdc5aadf42e2f60226479eaf | Triage

Sharing

General

Target

AdobeFlashPlayer.dmg
Size

244KB
Sample

240126-pr7pfafbal
MD5

b2b519602673e27aa40085deb8827bd1
SHA1

e827f4c1a1790c13cd761cdbf31cd2c0d7b25e55
SHA256

852ff1b97c1155fc28b14f5633a17de02dcace17bdc5aadf42e2f60226479eaf
SHA512

a635290927f22d4ba578d2afa05e0c27542fbdb1317e0fd829496966a315e9d16cf71302361a76d4acd2880c199bdd47eb8a10ff51b0b1a7f2cfbb6427adf029
SSDEEP

6144:su9BEkqY5CT7mNuVlIbjQYUYX80t/eWiqQCBs462ftH:su9BEkZTEn8jt/biqBw2

Score

10^/10

shlayer adware discovery evasion macos

Malware Config

Targets

- Target
  
  AdobeFlashPlayer.dmg
- Size
  
  244KB
- MD5
  
  b2b519602673e27aa40085deb8827bd1
- SHA1
  
  e827f4c1a1790c13cd761cdbf31cd2c0d7b25e55
- SHA256
  
  852ff1b97c1155fc28b14f5633a17de02dcace17bdc5aadf42e2f60226479eaf
- SHA512
  
  a635290927f22d4ba578d2afa05e0c27542fbdb1317e0fd829496966a315e9d16cf71302361a76d4acd2880c199bdd47eb8a10ff51b0b1a7f2cfbb6427adf029
- SSDEEP
  
  6144:su9BEkqY5CT7mNuVlIbjQYUYX80t/eWiqQCBs462ftH:su9BEkZTEn8jt/biqBw2
Score

10^/10

shlayer adware discovery evasion
- Shlayer
  Shlayer family.
  adware shlayer
- Identifies devices as anti-VM
- Queries the hardware information (I/O Kit registry).
  discovery
- Queries the macOS version information.
  discovery
- file permission
  evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Unix Shell

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Credential Access

Discovery

File and Directory Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

shlayeradwarediscoveryevasion