bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522

General

Target

NordVPNSetup.exe
Size

1.7MB
MD5

59cb69a08fdd9cb4b0539e3356df1d4d
SHA1

0c773a0a76f821780c002d527bee387b98904569
SHA256

bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522
SHA512

51d4f3d396d183bc5dcaaa0a26cf024fade9b5e5c0e73e1d2ee7663ba26bc55e799beb488d5bab8d8252147b33df6ea1209ebd730124a919940e899758842ec2
SSDEEP

24576:u7FUDowAyrTVE3U5Fg23TD2D+Fz3ifFUwo433RfFcdnOtksSm:uBuZrEUWq0t9D7l

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/NordVPNSetup.exe\""
1⤵
PID:513

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/NordVPNSetup.exe\""
1⤵
PID:513

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/NordVPNSetup.exe
1⤵
PID:513

/bin/zsh
/bin/zsh -c /Users/run/NordVPNSetup.exe
2⤵
PID:515

/Users/run/NordVPNSetup.exe
/Users/run/NordVPNSetup.exe
2⤵
PID:515

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
1⤵
PID:548

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:559

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:560

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:561

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:561

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:570

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:571

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:571

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.2F26070C-E59B-4BB6-A6B3-56BA1D069D8C 570
1⤵
PID:572

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:572

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:578

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:578

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.9ED65D02-7367-4821-9B26-0713E06DCC0B 570
1⤵
PID:579

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:579

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SearchHelper 570
1⤵
PID:580

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
1⤵
PID:580

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:581

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:581

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:585

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
1⤵
PID:585

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.SandboxHelper 579
1⤵
PID:586

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1⤵
PID:586

/usr/libexec/xpcproxy
xpcproxy com.apple.accessibility.mediaaccessibilityd
1⤵
PID:587

/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
1⤵
PID:587

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.B61FC31C-9215-4ED4-B76E-221966C5FEDC 570
1⤵
PID:588

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:588

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.07BDB799-FF1B-4648-AF45-B26961902696 570
1⤵
PID:589

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:589

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.2BDDECDF-5411-463D-B191-2ACF71178BFB 570
1⤵
PID:590

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:590

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 579
1⤵
PID:592

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:592

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.C3F08F4B-4540-49EA-A139-8C9BFD27D34A 570
1⤵
PID:595

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:595

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:597

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:597

/usr/libexec/xpcproxy
xpcproxy com.apple.diagnosticd
1⤵
PID:598

/usr/libexec/diagnosticd
/usr/libexec/diagnosticd
1⤵
PID:598

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Safari/Favicon Cache/favicons/AD9ACE3FE904B1AC5DDC36304E13B75A

Filesize
5KB

MD5
80f7367cb52983d2b58c2570460a9e9b

SHA1
8b1020b84f2c57bc43c0b0e504529fbd176fc694

SHA256
d7dd223f488a3dc314edecff758abc774093909d8cdaabb5c6b3f5a84a6f4be7

SHA512
ec16f486883b31551597eaa82406989c159a5e186ec33fcc8fbc85093d1ac758bfab065a9a8f91ef3087456cc2a0b2b097dbb074f567280f5ccf8f3838eaceb3

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/E698A34761AA4B1E65E3849129427E0B

Filesize
5KB

MD5
9909227b6fd2415ccb9a276d99632243

SHA1
c21dfda1e925054b0d6c882e43f87dbe1222a933

SHA256
af7282a5f1a3c7a62bda5f2265b1254d420ba7b5aab58023df705dd6064d2ac9

SHA512
9705d6811e00ee5f616ead194484f00df7fd5033e6bbea784c02438b87774a3e60ece7e2fb6e23486eec43743d642a105a16a615b3a5d5ee32d49b8f77814e5c

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

Filesize
225KB

MD5
1c1dfe3bc2cf704aa138de68503a1450

SHA1
9b971763ed461f7cb5feb3eff4a58ce959541f30

SHA256
4038e4a28330aa34cdb08ab69d377bf6f9f2c172b871928d31967026098b61e3

SHA512
3d7becc069696f32fa51b566bac3d9a36bb5d584590917405ab954764d5ba75984046050a19cba7411d548debd5fa8fedad4d408bf204be22f86061df9884469

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

Filesize
23.4MB

MD5
9e63b7841e25479d9892f288df83ad2a

SHA1
01af8608e03fb5d7266abc49af41839b1d7e1b21

SHA256
61f4c776e39e10716dc091f7a819070363379fc34a57f9c75945b5fb34d3c887

SHA512
aa9a156fafd2392738e4c48f9cbc39113292a23112c09b3449e605690a6d9ca131face77f0c17f5fe2bdbf245a803e163658d9ea8c60a299319aa99453c7dbb1

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

Filesize
122KB

MD5
18b5d76dd126800acf8e4f517ee702a5

SHA1
135612c9267fd51d654a010406f156a46d9f5d95

SHA256
5b836325024e81b4452df0e62cf7efbcd4df2d6a344d5043a16db5f3af78fcdc

SHA512
315c0eeac2fb31040b9b67e5371fe2a0c9bba6065178c7943ef5e4f9ffe009b718ad7cc504938734ca7f30719ecd4a8e3281b5a6f1e6b3c2444b42c2282412aa

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads