47c6df8465a23560f384f76a6052a35c7253696bc1abaa4631647b88795d17fa | Triage

Submit
Reports

Overview

overview

Static

static

316-54-0x0...ry.exe

macos-10.15-amd64

1

Resubmissions

11-03-2024 21:35

240311-1ffx5afa5x 10

11-03-2024 21:34

240311-1eqe6sfa3y 10

11-03-2024 21:33

240311-1efwqsha88 10

11-03-2024 20:50

240311-zm1ensga78 10

Analysis

max time kernel
17s
max time network
20s
platform
macos-10.15_amd64
resource
macos-20240214-en
resource tags

arch:amd64arch:i386image:macos-20240214-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
11-03-2024 21:34

Sharing

Static task

static1

snow09 1686740620 qakbot

2 signatures

Behavioral task

behavioral1

Sample

316-54-0x0000000000280000-0x00000000002A4000-memory.exe

Resource

macos-20240214-en

macos-10.15-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

316-54-0x0000000000280000-0x00000000002A4000-memory.exe
Size

144KB
MD5

dd80117a1b0174932875a12a42cd875f
SHA1

d9eb9a216dc9688b7918d14f0ac229ec66aa671e
SHA256

47c6df8465a23560f384f76a6052a35c7253696bc1abaa4631647b88795d17fa
SHA512

2d239edd815d92639c60cac9cfedcfc67e36faf48a277e5d459b543bb46e5c3cc634ae282a396075416915d706dfe7a3773124609e411041a9fc86285e709d34
SSDEEP

3072:y0cK9DFCoybq0NwvsaAHyFAfOJI4fxzTBfQjcoG5y:kPiUaB2fOJrfxzTBojcoG5y

Score

1^/10

Malware Config

Signatures

Processes

/usr/libexec/xpcproxy
xpcproxy com.apple.pluginkit.pkd
1⤵
PID:571

/usr/libexec/pkd
/usr/libexec/pkd
1⤵
PID:571

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/316-54-0x0000000000280000-0x00000000002A4000-memory.exe\""
1⤵
PID:573

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/316-54-0x0000000000280000-0x00000000002A4000-memory.exe\""
1⤵
PID:573

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/316-54-0x0000000000280000-0x00000000002A4000-memory.exe
1⤵
PID:573
- /bin/zsh
  /bin/zsh -c /Users/run/316-54-0x0000000000280000-0x00000000002A4000-memory.exe
  2⤵
  PID:575
- /Users/run/316-54-0x0000000000280000-0x00000000002A4000-memory.exe
  /Users/run/316-54-0x0000000000280000-0x00000000002A4000-memory.exe
  2⤵
  PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:594

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:594

/usr/libexec/xpcproxy
xpcproxy com.apple.icloud.findmydeviced
1⤵
PID:595

/usr/libexec/findmydeviced
/usr/libexec/findmydeviced
1⤵
PID:595

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:596

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:596

/usr/bin/pluginkit
/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync
1⤵
PID:605

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app
1⤵
PID:606

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2024

Terms | Privacy