Overview

overview

10

Static

static

10

Korepi/Korepi.exe

macos-10.15-amd64

1

Korepi/concrt140.dll

macos-10.15-amd64

Korepi/dbgeng.dll

macos-10.15-amd64

Korepi/dbghelp.dll

macos-10.15-amd64

Korepi/dll...40.dll

macos-10.15-amd64

Korepi/dll...40.dll

macos-10.15-amd64

Korepi/dll..._1.dll

macos-10.15-amd64

Korepi/dll...dk.dll

macos-10.15-amd64

Korepi/msvcp140.dll

macos-10.15-amd64

Korepi/msvcp140_1.dll

macos-10.15-amd64

Korepi/msvcp140_2.dll

macos-10.15-amd64

Korepi/msv...it.dll

macos-10.15-amd64

Korepi/msv...ds.dll

macos-10.15-amd64

Analysis

  • max time kernel
    33s
  • max time network
    42s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240214-en
  • resource tags

    arch:amd64arch:i386image:macos-20240214-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    18-02-2024 15:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Korepi/Korepi.exe

  • Size

    84KB

  • MD5

    6ab9efa8c00bfc58528805978f6e894a

  • SHA1

    944441a3642a47c8b40633462de5876bc3bfb648

  • SHA256

    d8604a6641d5743df9a0324f179476afe197cb63e2b94cbbce78aee2a348b5e1

  • SHA512

    97a12dd1b0cf53b707b7251cbbc1f533fb9f3f9c3244c5f195ceb994a3569c00733580e470a5c43bd811d90e14ab650548a364bd858a00d9672eb4eacb4698a3

  • SSDEEP

    1536:JD9XaiFH+UGPGTLh7CfoWKSO5T3rZ5SwEKSKK9jzpm+:JD9BH+FP+dmpS5TbZ8wEKSKK9jVr

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/Korepi/Korepi.exe\""
    1⤵
      PID:531
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/Korepi/Korepi.exe\""
      1⤵
        PID:531
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/Korepi/Korepi.exe
        1⤵
          PID:531
          • /bin/zsh
            /bin/zsh -c /Users/run/Korepi/Korepi.exe
            2⤵
              PID:533
            • /Users/run/Korepi/Korepi.exe
              /Users/run/Korepi/Korepi.exe
              2⤵
                PID:533
            • /usr/libexec/dmd
              /usr/libexec/dmd
              1⤵
                PID:523
              • /usr/libexec/xpcproxy
                xpcproxy com.apple.sysmond
                1⤵
                  PID:534
                • /usr/libexec/sysmond
                  /usr/libexec/sysmond
                  1⤵
                    PID:534
                  • /usr/libexec/xpcproxy
                    xpcproxy com.apple.secinitd
                    1⤵
                      PID:557
                    • /usr/libexec/secinitd
                      /usr/libexec/secinitd
                      1⤵
                        PID:557
                      • /usr/libexec/xpcproxy
                        xpcproxy com.apple.geod
                        1⤵
                          PID:563
                        • /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
                          /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
                          1⤵
                            PID:563
                          • /usr/libexec/xpcproxy
                            xpcproxy com.apple.AddressBook.ContactsAccountsService
                            1⤵
                              PID:566
                            • /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
                              /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
                              1⤵
                                PID:566
                              • /usr/libexec/xpcproxy
                                xpcproxy com.apple.routined
                                1⤵
                                  PID:567
                                • /usr/libexec/routined
                                  /usr/libexec/routined LAUNCHED_BY_LAUNCHD
                                  1⤵
                                    PID:567
                                  • /usr/libexec/xpcproxy
                                    xpcproxy com.apple.Maps.mapspushd
                                    1⤵
                                      PID:568
                                    • /System/Library/CoreServices/mapspushd
                                      /System/Library/CoreServices/mapspushd
                                      1⤵
                                        PID:568
                                      • /usr/libexec/xpcproxy
                                        xpcproxy com.apple.nehelper
                                        1⤵
                                          PID:569
                                        • /usr/libexec/nehelper
                                          /usr/libexec/nehelper
                                          1⤵
                                            PID:569

                                          Network

                                          MITRE ATT&CK Matrix

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • /Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
                                            Filesize

                                            124KB

                                            MD5

                                            7c24a1b24f6100c002f42addbe9e8dba

                                            SHA1

                                            d92a68021f964ce8a33f0118c470dcfa8c9a1eb1

                                            SHA256

                                            755550cd19a9e45352f0df999af23ff032a8232a91bf52f4bea60ec60c388ffb

                                            SHA512

                                            f82f83ab45f4c86cfb47bb8e53e5c12d7770b0f2c71ba33d588a4852a29590594f45f164b6b5aa330711253de6007b7ee0bdd47b598bf54011ee9a6c913edbe2

                                            Download Submit

                                          • /Users/run/Library/Caches/GeoServices/Resources/altitude-1168.xml
                                            Filesize

                                            150KB

                                            MD5

                                            76ebb0196d42a294b69ef118cbb301d5

                                            SHA1

                                            61e5ab752d351af1661716bc48c0520f66cd1d1b

                                            SHA256

                                            aaa9febe98e3a75220b4933d1f00f2bef276183491e7d171fa54d03259812759

                                            SHA512

                                            8dde09d72944e8925c5bd64dc3799a44d7c30191d5038939a24f8a45ccf4d66b84990e8be3e0f2ee1d42d1dd6e5ed3673c39f803874fb0840a3232cc1e533663

                                            Download Submit

                                          • /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
                                            Filesize

                                            47KB

                                            MD5

                                            0e4a0d1ceb2af6f0f8d0167ce77be2d3

                                            SHA1

                                            414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

                                            SHA256

                                            cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

                                            SHA512

                                            1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

                                            Download Submit

                                          • /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
                                            Filesize

                                            4KB

                                            MD5

                                            d3a1859e6ec593505cc882e6def48fc8

                                            SHA1

                                            f8e6728e3e9de477a75706faa95cead9ce13cb32

                                            SHA256

                                            3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

                                            SHA512

                                            ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

                                            Download Submit