Malware Analysis Report

2024-10-19 02:36

Sample ID 240205-csnxhaacbp
Target 7f1768f8d49b2339e0fb39e6cb19ed22
SHA256 b57b2c143036ce5ee287e63f717278933a2d9b64a9c85999343f715d91f2f6e1
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

b57b2c143036ce5ee287e63f717278933a2d9b64a9c85999343f715d91f2f6e1

Threat Level: Likely benign

The file 7f1768f8d49b2339e0fb39e6cb19ed22 was found to be: Likely benign.

Malicious Activity Summary


Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-02-05 02:20

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-05 02:20

Reported

2024-02-05 02:21

Platform

macos-20231201-en

Max time kernel

19s

Max time network

21s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/7f1768f8d49b2339e0fb39e6cb19ed22.exe"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/7f1768f8d49b2339e0fb39e6cb19ed22.exe"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/7f1768f8d49b2339e0fb39e6cb19ed22.exe"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/7f1768f8d49b2339e0fb39e6cb19ed22.exe]

/bin/zsh

[/bin/zsh -c /Users/run/7f1768f8d49b2339e0fb39e6cb19ed22.exe]

/Users/run/7f1768f8d49b2339e0fb39e6cb19ed22.exe

[/Users/run/7f1768f8d49b2339e0fb39e6cb19ed22.exe]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

Network

Country Destination Domain Proto
US 52.182.143.211:443 tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 52.182.143.211:443 tcp
NL 17.248.236.67:443 tcp
US 8.8.8.8:53 e673.dsce9.akamaiedge.net udp

Files

N/A