ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa | Triage

Submit
Reports

Overview

overview

Static

static

3

Endermanch...0r.exe

windows11-21h2-x64

Endermanch...0r.exe

macos-10.15-amd64

1

Resubmissions

29/02/2024, 18:54

240229-xknxrahd61 10

29/02/2024, 13:30

240229-qr1rkaad8v 10

28/02/2024, 18:15

240228-wvx3qsae85 10

28/02/2024, 13:41

240228-qzkqbach65 10

28/02/2024, 13:14

240228-qgsm7scd6w 10

27/02/2024, 16:58

240227-vgztqsee34 10

27/02/2024, 16:40

240227-t6jndaeb78 10

27/02/2024, 16:39

240227-t5zm7sed7s 10

27/02/2024, 16:38

240227-t5eyssed6s 10

Analysis

max time kernel
132s
max time network
139s
platform
macos-10.15_amd64
resource
macos-20240214-en
resource tags

arch:amd64arch:i386image:macos-20240214-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
28/02/2024, 13:41

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

[email protected]

Resource

win11-20240221-en

wannacry discovery persistence ransomware spyware stealer worm

windows11-21h2-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

[email protected]

Resource

macos-20240214-en

macos-10.15-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

[email protected]
Size

3.4MB
MD5

84c82835a5d21bbcf75a61706d8ab549
SHA1

5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA512

90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
SSDEEP

98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/[email protected]\""
1⤵
PID:534

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/[email protected]\""
1⤵
PID:534

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/[email protected]"
1⤵
PID:534
- /bin/zsh
  /bin/zsh -c "/Users/run/[email protected]"
  2⤵
  PID:535
- /Users/run/[email protected]
  "/Users/run/[email protected]"
  2⤵
  PID:535

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:538

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:538

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:567

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:567

/usr/libexec/xpcproxy
xpcproxy com.apple.AddressBook.ContactsAccountsService
1⤵
PID:568

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
1⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.routined
1⤵
PID:569

/usr/libexec/routined
/usr/libexec/routined LAUNCHED_BY_LAUNCHD
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.Maps.mapspushd
1⤵
PID:570

/System/Library/CoreServices/mapspushd
/System/Library/CoreServices/mapspushd
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.nehelper
1⤵
PID:572

/usr/libexec/nehelper
/usr/libexec/nehelper
1⤵
PID:572

/usr/libexec/xpcproxy
xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
1⤵
PID:573

/usr/libexec/neagent
/usr/libexec/neagent
1⤵
PID:573

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:580

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
288B

MD5
55d707d8a498ca399dd49c710374392d

SHA1
94956fb7af8ebb24faa018be5739179ae2e21dbb

SHA256
0de9ce482bde894cb5d5042cfeaf0d54cb0f56ad4852caa4d06ad54a53a7b49f

SHA512
e6183083a8f1f1ea5e67806ecbcab5adefc331aca2622e3b846cee48b803a91076dfd9a905573ee71c900bc5563b4e6e7f3ab994de7e29552a01647cd29ad20e

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
355B

MD5
a6ef4856e99c9d8e1d9bb762c5a8503a

SHA1
25d5405ad91791b716ae5a56b37aa2b393854967

SHA256
232441aa129d4f21999860b8bf31db4b8617df9f7d32ef5f25a383edff82d9fa

SHA512
582fa1ea60766a5a4e99b295a8ed98c94f6bab45e42b7e8db61e9ad645f531891082cd457bfd11d660195af86f02c4ed93589e6e6daded683cff2d8319bbc489

Download Submit
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

Filesize
124KB

MD5
a8ab6f8bf7fb6b1d5f140e9c1d5bc5f0

SHA1
cd6b62b34b7201d63b56172ab0dc5da3c0fc87ff

SHA256
5cfad83d490792541b4e97a54ac44ee00319d1aec69789adf56945feaf02745e

SHA512
9eb6f1c591353cc16121f46a366946abcb677386f7823f46ad47dfcc8e1d770a43617a9ea2f63d0e84b8975da309f8d7e91becb3b5d682e624ad0483e3fbb4ca

Download Submit
/Users/run/Library/Caches/GeoServices/Resources/altitude-1184.xml

Filesize
157KB

MD5
de0d1de3897d152e34fad38ac8384188

SHA1
8783a7701c14576789a2316e0f3f9c3d5acd660a

SHA256
fd449596e4bb21c338a5102cd749ba1c87debfe62d1c161deb0cc7d8d74e8226

SHA512
5fd1734e6289fa80752c4c583875577e87d7f58b01c5d14445d7888c172acd94ab0c4d3332660e1d92706678e1611515393c7c3d28be0d0e735028e1f5d16de5

Download Submit

© 2018-2025

Terms | Privacy