6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50

General

Target

6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50.exe
Size

552KB
MD5

45e4a4b8d22f075c02e75fa2a05229b0
SHA1

c2f756556568e923b5a5668ec0b7c53d41e07505
SHA256

6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50
SHA512

c2d0ded8528568ddade17752ae4acde3410db0f85cc130392f5ebfe38180bd411abb48c288b5e4b57f1fe6390579d07d65c97798ba93c2362de77b49e56c561a
SSDEEP

12288:SMrhy90T0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6dQrdFCs:jyiiaaewIsgCQGIgYDrQpos

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50.exe\""
1⤵
PID:520

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50.exe\""
1⤵
PID:520

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50.exe
1⤵
PID:520
- /bin/zsh
  /bin/zsh -c /Users/run/6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50.exe
  2⤵
  PID:521
- /Users/run/6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50.exe
  /Users/run/6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50.exe
  2⤵
  PID:521

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.systemsoundserverd
1⤵
PID:543

/usr/sbin/systemsoundserverd
/usr/sbin/systemsoundserverd
1⤵
PID:543

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:544

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:544

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:545

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:545

/usr/libexec/xpcproxy
xpcproxy com.apple.systemprofiler
1⤵
PID:556

/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information
"/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information"
1⤵
PID:556

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:559

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:559

/usr/libexec/xpcproxy
xpcproxy com.apple.storedownloadd
1⤵
PID:562

/usr/libexec/xpcproxy
xpcproxy com.apple.installd
1⤵
PID:563

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
1⤵
PID:563

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1⤵
PID:562

/usr/libexec/xpcproxy
xpcproxy com.apple.system_installd
1⤵
PID:564

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
1⤵
PID:564

/usr/libexec/xpcproxy
xpcproxy com.apple.replayd
1⤵
PID:565

/usr/libexec/replayd
/usr/libexec/replayd
1⤵
PID:565

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 557
1⤵
PID:567

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:567

/usr/libexec/xpcproxy
xpcproxy com.apple.messages.StorageManagementExtension 556
1⤵
PID:574

/System/Applications/Messages.app/Contents/PlugIns/Messages Storage Management Extension.appex/Contents/MacOS/Messages Storage Management Extension
"/System/Applications/Messages.app/Contents/PlugIns/Messages Storage Management Extension.appex/Contents/MacOS/Messages Storage Management Extension"
1⤵
PID:574

/usr/libexec/xpcproxy
xpcproxy com.apple.Photos.StorageManagementExtension 556
1⤵
PID:575

/System/Applications/Photos.app/Contents/PlugIns/PhotosStorageExtension.appex/Contents/MacOS/PhotosStorageExtension
/System/Applications/Photos.app/Contents/PlugIns/PhotosStorageExtension.appex/Contents/MacOS/PhotosStorageExtension
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.iBooksX.DiskSpaceEfficiency
1⤵
PID:576

/System/Applications/Books.app/Contents/PlugIns/DiskSpaceEfficiency.appex/Contents/MacOS/DiskSpaceEfficiency
/System/Applications/Books.app/Contents/PlugIns/DiskSpaceEfficiency.appex/Contents/MacOS/DiskSpaceEfficiency
1⤵
PID:576

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.OtherUsers 556
1⤵
PID:577

/usr/libexec/xpcproxy
xpcproxy com.apple.CloudDocsDaemon.StorageManagement 556
1⤵
PID:578

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/OtherUsersStorageExtension.appex/Contents/MacOS/OtherUsersStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/OtherUsersStorageExtension.appex/Contents/MacOS/OtherUsersStorageExtension
1⤵
PID:577

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.Mail 556
1⤵
PID:579

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/PlugIns/CloudDocsStorageManagement.appex/Contents/MacOS/CloudDocsStorageManagement
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/PlugIns/CloudDocsStorageManagement.appex/Contents/MacOS/CloudDocsStorageManagement
1⤵
PID:578

/System/Applications/Mail.app/Contents/PlugIns/MailStorageManagement.appex/Contents/MacOS/MailStorageManagement
/System/Applications/Mail.app/Contents/PlugIns/MailStorageManagement.appex/Contents/MacOS/MailStorageManagement
1⤵
PID:579

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.Applications 556
1⤵
PID:580

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.CloudFiles 556
1⤵
PID:581

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/ApplicationsStorageExtension.appex/Contents/MacOS/ApplicationsStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/ApplicationsStorageExtension.appex/Contents/MacOS/ApplicationsStorageExtension
1⤵
PID:580

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/CloudFilesStorageExtension.appex/Contents/MacOS/CloudFilesStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/CloudFilesStorageExtension.appex/Contents/MacOS/CloudFilesStorageExtension
1⤵
PID:581

/System/Applications/Podcasts.app/Contents/PlugIns/MacPodcastsStorageExtension.appex/Contents/MacOS/MacPodcastsStorageExtension
/System/Applications/Podcasts.app/Contents/PlugIns/MacPodcastsStorageExtension.appex/Contents/MacOS/MacPodcastsStorageExtension
1⤵
PID:582

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.Trash 556
1⤵
PID:583

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.AppleInternal 556
1⤵
PID:584

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/TrashStorageExtension.appex/Contents/MacOS/TrashStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/TrashStorageExtension.appex/Contents/MacOS/TrashStorageExtension
1⤵
PID:583

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/AppleInternalStorageExtension.appex/Contents/MacOS/AppleInternalStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/AppleInternalStorageExtension.appex/Contents/MacOS/AppleInternalStorageExtension
1⤵
PID:584

/System/Applications/TV.app/Contents/PlugIns/TVStorageExtension.appex/Contents/MacOS/TVStorageExtension
/System/Applications/TV.app/Contents/PlugIns/TVStorageExtension.appex/Contents/MacOS/TVStorageExtension
1⤵
PID:585

/System/Applications/Music.app/Contents/PlugIns/MusicStorageExtension.appex/Contents/MacOS/MusicStorageExtension
/System/Applications/Music.app/Contents/PlugIns/MusicStorageExtension.appex/Contents/MacOS/MusicStorageExtension
1⤵
PID:586

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.iOSFiles 556
1⤵
PID:587

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/iOSFilesStorageExtension.appex/Contents/MacOS/iOSFilesStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/iOSFilesStorageExtension.appex/Contents/MacOS/iOSFilesStorageExtension
1⤵
PID:587

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.GarageBand 556
1⤵
PID:588

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/GarageBandStorageExtension.appex/Contents/MacOS/GarageBandStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/GarageBandStorageExtension.appex/Contents/MacOS/GarageBandStorageExtension
1⤵
PID:588

/usr/libexec/xpcproxy
xpcproxy com.apple.CloudPhotosConfiguration
1⤵
PID:589

/System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration
/System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration
1⤵
PID:589

/usr/libexec/xpcproxy
xpcproxy com.apple.automountd
1⤵
PID:597

/usr/libexec/automountd
automountd
1⤵
PID:597
- /usr/libexec/od_user_homes
  /usr/libexec/od_user_homes .localized
  2⤵
  PID:598
- /usr/libexec/od_user_homes
  /usr/libexec/od_user_homes .localized
  2⤵
  PID:604

/usr/libexec/xpcproxy
xpcproxy com.apple.installandsetup.systemmigrationd
1⤵
PID:599

/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd
/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd
1⤵
PID:599

/usr/libexec/xpcproxy
xpcproxy com.apple.storagekitd
1⤵
PID:600

/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd
/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd
1⤵
PID:600

/usr/libexec/xpcproxy
xpcproxy com.apple.iconservices.iconservicesagent
1⤵
PID:601

/System/Library/CoreServices/iconservicesagent
/System/Library/CoreServices/iconservicesagent runAsRoot
1⤵
PID:601

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor -t /private/var/run/installd.commit.pid
1⤵
PID:607

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove -f -s /Library/Apple/System/Library/InstallerSandboxes/.PKInstallSandboxManager-SystemSoftware/2EA7A636-82D8-47BF-9D10-1D4CF720A549.activeSandbox/Root /
1⤵
PID:608

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/efw_cache_update
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/efw_cache_update -c
1⤵
PID:609

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.satellite.8A212B1B-64E8-409C-9F08-CA0966F467B8 560
1⤵
PID:610

/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
1⤵
PID:610

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportCrash.Root
1⤵
PID:611

/System/Library/CoreServices/ReportCrash
/System/Library/CoreServices/ReportCrash daemon
1⤵
PID:611

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:612

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Apple/System/Library/InstallerSandboxes/.PKInstallSandboxManager-SystemSoftware/2EA7A636-82D8-47BF-9D10-1D4CF720A549.activeSandbox/Boms/com.apple.pkg.IncompatibleAppList.10_15.16U1923.bom

Filesize
61KB

MD5
2f0f49de9ad6128f83b55002ddc0c733

SHA1
348b668dd78199b508fa73253568f3024a03410f

SHA256
4bde0dc120c8239b758f62e655e23be5f09b41f32f666bffa05e0104e8109d46

SHA512
6ed163e207886dd7661e67944197ef84c663eb129ca8c988d2fade90fa7e626b581627165521b3e9a8be77c04c12936ac40e1311750c2ad0aae4f6707910a4aa

Download Submit
/private/var/run/installd.commit.pid

Filesize
3B

MD5
1728efbda81692282ba642aafd57be3a

SHA1
fe2fb474076a872e237e4430d40cbed150d20033

SHA256
621cb5d0bdea9584dc9f7ede1479e7cca67f8d9778d7e3c8c5cb8aa9eaef47ef

SHA512
91933c905402da2a2c193c8664dbf807a6f8e3d714a9e6dc5757370409c9a6becf582a9aa7f4fbf0fd618e0fab8a049aaa5f80e34922a7bb685f94d60a952bb3

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.CloudPhotosConfiguration//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.CloudPhotosConfiguration//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/SMIncompatibleAppUpdate/CFNetworkDownload_VmwRVA.tmp

Filesize
324KB

MD5
8ac8e766276bb799857b359b3a4f2347

SHA1
075fe1052e1e6de0a38aaa7711a54e8a77bb65f8

SHA256
a0ee16e403dd8609ce56b56a111b2926b591d368b6e99a41c836beb280dcf687

SHA512
60f88aacc4d89e7a52aa30a469b430f781006fac52b320c2acd05d8f3ace9638a042fa0b0000885293cf6ee391915e7d68ffc656f4056fcb6de3b638d52a6439

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads