Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240214-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20240214-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    12/03/2024, 18:44

General

  • Target

    Exo_AA_software.exe

  • Size

    6.6MB

  • MD5

    8b5eeeeed392e1ae5bad0b5a94c5690b

  • SHA1

    da3ad5180bd3bb9021c8b9eec256c1e2aecd3b4f

  • SHA256

    3fa20a022ceafed663d70a0d7d41c2efe9fb185f1f9d2ed947e608c6076e9fae

  • SHA512

    42fe98a71de00f25e3628ca82a78c32338abf2214e7d6958335e381d3890cbc55d02473b6aade8ab7192d883fa04bb30e9d1a749d7e7e5265d8dec5af77e31ee

  • SSDEEP

    98304:R0Wrsjet17vxLYLD++e2+S1ycVzjr5epB1W9DkfjsbQ1/cbAK54oMjU1:Ui1dYBe2+SA0TczP+RMjU

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh (PID 533)
    sh -c "sudo /bin/zsh -c \"/Users/run/Exo_AA_software.exe\""
  • /bin/bash (PID 533)
    sh -c "sudo /bin/zsh -c \"/Users/run/Exo_AA_software.exe\""
  • /usr/bin/sudo (PID 533)
    sudo /bin/zsh -c /Users/run/Exo_AA_software.exe
      • /bin/zsh (PID 534)
        /bin/zsh -c /Users/run/Exo_AA_software.exe
      • /Users/run/Exo_AA_software.exe (PID 534)
        /Users/run/Exo_AA_software.exe
  • /usr/libexec/dmd (PID 523)
    /usr/libexec/dmd
  • /usr/libexec/xpcproxy (PID 538)
    xpcproxy com.apple.sysmond
  • /usr/libexec/sysmond (PID 538)
    /usr/libexec/sysmond
  • /usr/libexec/xpcproxy (PID 559)
    xpcproxy com.apple.PerformanceAnalysis.animationperfd
  • /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd (PID 559)
    /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
  • /usr/libexec/xpcproxy (PID 567)
    xpcproxy com.apple.geod
  • /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod (PID 567)
    /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
  • /usr/libexec/xpcproxy (PID 568)
    xpcproxy com.apple.AddressBook.ContactsAccountsService
  • /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService (PID 568)
    /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
  • /usr/libexec/xpcproxy (PID 569)
    xpcproxy com.apple.routined
  • /usr/libexec/routined (PID 569)
    /usr/libexec/routined LAUNCHED_BY_LAUNCHD
  • /usr/libexec/xpcproxy (PID 570)
    xpcproxy com.apple.Maps.mapspushd
  • /System/Library/CoreServices/mapspushd (PID 570)
    /System/Library/CoreServices/mapspushd
  • /usr/libexec/xpcproxy (PID 573)
    xpcproxy com.apple.nehelper
  • /usr/libexec/nehelper (PID 573)
    /usr/libexec/nehelper
  • /usr/libexec/xpcproxy (PID 577)
    xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
  • /usr/libexec/neagent (PID 577)
    /usr/libexec/neagent
  • /usr/libexec/xpcproxy (PID 581)
    xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
  • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService (PID 581)
    /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

Network

MITRE ATT&CK Matrix


Downloads

  • /Library/Preferences/com.apple.networkextension.uuidcache.plist
    Filesize: 355B
    MD5: a6ef4856e99c9d8e1d9bb762c5a8503a
    SHA1: 25d5405ad91791b716ae5a56b37aa2b393854967
    SHA256: 232441aa129d4f21999860b8bf31db4b8617df9f7d32ef5f25a383edff82d9fa
    SHA512: 582fa1ea60766a5a4e99b295a8ed98c94f6bab45e42b7e8db61e9ad645f531891082cd457bfd11d660195af86f02c4ed93589e6e6daded683cff2d8319bbc489

  • /Library/Preferences/com.apple.networkextension.uuidcache.plist
    Filesize: 355B
    MD5: 2f01f7a00c85e424f82b00b2bf794a7c
    SHA1: c75cb52aa31012888dd7c65373d5faba6048c425
    SHA256: 23d6746cb1c1906c9cfb5c69f7377f7cb68965ac0708ed1d600bfd3d3c34ce32
    SHA512: 75131e0145182653cef2edbb968853c9cb3c26c37c5821f3cd69c3ecdde7979ae37e74ecea8ad333090a473177c6dad43bc34f94a8fd104cd4c9b16c8f7b54f8

  • /Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
    Filesize: 124KB
    MD5: 5e5b91e9668c245e7314d4a8b8c1e97b
    SHA1: 153f236c3735ffbfbaee5a6be8ef288b273e9be8
    SHA256: e89bbdea851704328ab5dcbb9d50c98063d6e3aa9000ddcfdde8055fb2f68976
    SHA512: 2029a1e25a428c76c8f4d7a5337e972ea447beff2b8ca9136e5cb37e14c293013141d15e92fd0f4fe5bb353c0ac2bbb200ba1a1054a7e486b028205637609a91

  • /Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml
    Filesize: 157KB
    MD5: f627cf4820da06be8e6ff3fdec6ebfee
    SHA1: 993d8ec88721b9e76c3fe1f5987338a61b452bf8
    SHA256: f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
    SHA512: bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f