Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
65s -
max time network
65s -
platform
macos-10.15_amd64 -
resource
macos-20240214-en -
resource tags
-
submitted
21/02/2024, 02:11
Errors
General
-
Target
InfiniteBlue.exe
-
Size
1.8MB
-
MD5
70b9c08114c970f97ba983227e0f08b4
-
SHA1
0c3c846828734aed1d74ea47253feef6f81940ac
-
SHA256
a38f8a7e057e205d3961095a025f5014c0da0567495f2ca5a15f26d89c481026
-
SHA512
dc223e4cbfe89a8d92b2042b1c8a0403b26adc7383317cbadc56602d1e9c02a4a80450ec5aa243fdb8ef3a0882a20af48c3ebb7165ca58dfe34c62691c36f5eb
-
SSDEEP
49152:RqrObhdGZu/xJrtcaXxfjDSVQEWnu3+w3JJn+:oExvFXpCQG3+OXn+
Malware Config
Signatures
-
Resource Forking 1 TTPs 1 IoCs
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/InfiniteBlue.exe\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/InfiniteBlue.exe\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/InfiniteBlue.exe1⤵
-
/bin/zsh/bin/zsh -c /Users/run/InfiniteBlue.exe2⤵
-
-
/Users/run/InfiniteBlue.exe/Users/run/InfiniteBlue.exe2⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.sysmond1⤵
-
/usr/libexec/sysmond/usr/libexec/sysmond1⤵
-
/usr/bin/pluginkit/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync1⤵
-
/usr/sbin/spctl/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.geod1⤵
-
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.AddressBook.ContactsAccountsService1⤵
-
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.routined1⤵
-
/usr/libexec/routined/usr/libexec/routined LAUNCHED_BY_LAUNCHD1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.tailspind1⤵
-
/usr/libexec/tailspind/usr/libexec/tailspind1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.Maps.mapspushd1⤵
-
/System/Library/CoreServices/mapspushd/System/Library/CoreServices/mapspushd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.nehelper1⤵
-
/usr/libexec/nehelper/usr/libexec/nehelper1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A1⤵
-
/usr/libexec/neagent/usr/libexec/neagent1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.PackageKit.InstallStatus1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.warmd_agent1⤵
-
/usr/libexec/warmd_agent/usr/libexec/warmd_agent1⤵
-
/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.rtcreportingd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.sessionlogoutd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.akd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.security.cloudkeychainproxy31⤵
-
/System/Library/CoreServices/sessionlogoutd/System/Library/CoreServices/sessionlogoutd1⤵
-
/usr/libexec/rtcreportingd/usr/libexec/rtcreportingd1⤵
-
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd1⤵
-
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy1⤵
-
/sbin/shutdown/sbin/shutdown -r now1⤵
-
/bin/shsh -c "/usr/bin/wall -n"1⤵
-
/bin/bashsh -c "/usr/bin/wall -n"1⤵
-
/usr/bin/wall/usr/bin/wall -n1⤵
-
/System/Library/Extensions/IOGraphicsFamily.kext/iogdiagnoseiogdiagnose -b /var/log/displaypolicy/iogdiagnose-last.bin1⤵
-
/usr/sbin/spindumpspindump -shutdownstall 2 -timelimit 51⤵
-
/bin/shsh -c /usr/sbin/kextstat1⤵
-
/bin/bashsh -c /usr/sbin/kextstat1⤵
-
/usr/sbin/kextstat/usr/sbin/kextstat1⤵
-
/bin/bashbash /private/var/install/shutdown_installer_tasks1⤵
-
/bin/bashbash /private/var/install/deferred_install1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
288B
MD5c92127f7ee48ad5e3c8b165ef0dcba1c
SHA17fabbe716497efc2de185429b40127cdd58f59b7
SHA25604fefbaa058a5c300a90a50be6894dde2138fa47239dd93e7b9265352a96e4eb
SHA51229d6c275b4337e642dfc183316969acbc345c0cfae53f94a103192e56fbf73499cc05cbf8076788191434162ba75275adfbbe0bf31ade37be0c76954570b1ccc
-
Filesize
124KB
MD59e48e2f7c1525cc6c7a15bda29cfd853
SHA1ecfdea45d6df76d8634873fbbd118451a1ed9c5e
SHA25699acea7f77b06698a698bbb86d1c13c5e97139e7cfeffa9fe3bdb86c5b5a5582
SHA512788dd84dd21b4e39166b25218807bed8ce3b9fbca0f4d3dec6017825a5f5e7f6e8d54ea6580f74b859c4fd42f44fbe67fef46fcea1d7b41b9141be191d41835e
-
Filesize
150KB
MD576ebb0196d42a294b69ef118cbb301d5
SHA161e5ab752d351af1661716bc48c0520f66cd1d1b
SHA256aaa9febe98e3a75220b4933d1f00f2bef276183491e7d171fa54d03259812759
SHA5128dde09d72944e8925c5bd64dc3799a44d7c30191d5038939a24f8a45ccf4d66b84990e8be3e0f2ee1d42d1dd6e5ed3673c39f803874fb0840a3232cc1e533663
-
Filesize
132KB
MD5689d99d6d3ba4f314631eb9a39d64986
SHA1f4357736da92b3f44fa0d5536e3b4214b2012478
SHA256072a931f46589c17f7707e5f61af5ab5e2f05820d3f467f17dc2d5b20ea60544
SHA5126c7d4a464e3dd47c880877b575af1f3e02a2b21eebfbddc1e48a031bf27edd7f627b7a7fe804e6b9e7d1e6a908fb11366022ac3c8ccdc90048c720b43130df9a