480a3f3407eaf5088f7cea9afe3ef96d968a4e571687a33adee57740ce39b673

Sharing

Copy URL

Twitter E-mail

General

Target

086
Size

87.1MB
Sample

240403-heqf3aag58
MD5

a33b6c5905cefced329fa89f5eebb481
SHA1

3559265cdff223eb31d1996ba2de9ac7aee9f8e7
SHA256

480a3f3407eaf5088f7cea9afe3ef96d968a4e571687a33adee57740ce39b673
SHA512

59388952f0b013cab8b73e367854baa7eda37cdab1748dac4e038c31ae80bc3a44e41ab82b3d75e06d9468a6fbb5b33a623b6255dbb1c2583b0d085b0a4290a1
SSDEEP

1572864:wippXg2FG5Y4/9YgOf1oiXU+wFxBMkkR8lQ6WzZeBWuoSV2v7imql43z1y7abOGE:RpQ4zaaV1o6U+wFx6kCTtZeNguzlMy7B

Score

7^/10

Malware Config

Targets

- Target
  
  086
- Size
  
  87.1MB
- MD5
  
  a33b6c5905cefced329fa89f5eebb481
- SHA1
  
  3559265cdff223eb31d1996ba2de9ac7aee9f8e7
- SHA256
  
  480a3f3407eaf5088f7cea9afe3ef96d968a4e571687a33adee57740ce39b673
- SHA512
  
  59388952f0b013cab8b73e367854baa7eda37cdab1748dac4e038c31ae80bc3a44e41ab82b3d75e06d9468a6fbb5b33a623b6255dbb1c2583b0d085b0a4290a1
- SSDEEP
  
  1572864:wippXg2FG5Y4/9YgOf1oiXU+wFxBMkkR8lQ6WzZeBWuoSV2v7imql43z1y7abOGE:RpQ4zaaV1o6U+wFx6kCTtZeNguzlMy7B
Score

1^/10
behavioral1
- Target
  
  SyncBird Pro 4.0.8/Activator.app/Contents/MacOS/GUI
- Size
  
  407KB
- MD5
  
  4c2ec35d13c5f44000caf658e40e444c
- SHA1
  
  3a9a511b32753de5e3824abc91a1969bf12fbb47
- SHA256
  
  864195bf9a51cc94aa43c9c37c7c36b3e1b31a62bc96494fe6c5bd78de50d3a4
- SHA512
  
  1e1b83dcd2e65f4ae2bc61d8edf00bd5f88790cf637af2cb8f9983adc7970b0999c555a59bc43ae6e62936f9e0d968f41cc66748380d87e804fdab20e49421bb
- SSDEEP
  
  6144:O7GArxSNzWzUfhyocArZRaDT0JCkDoGk:MwtRaf
Score

1^/10
behavioral2
- Target
  
  SyncBird Pro 4.0.8/Activator.app/Contents/Resources/python-3.9.6-macosx10.9.pkg
- Size
  
  28.6MB
- MD5
  
  d714923985e0303b9e9b037e5f7af815
- SHA1
  
  1ce9a1236c7c8a11bc82465861166b553c521b63
- SHA256
  
  da57f6526b68877e5705b97739f9adb48a9866570c5447accd8e12721d0c64a5
- SHA512
  
  e1d5b07246a9da4fd88ddd6b445ba2e8b4b566c378f473e3176c60603f54e84ae63a8748b3a53251ef5b249fd63121a4b228d929ae5eef00d070a23e1beb1f5a
- SSDEEP
  
  786432:bcWwCzIG6wY4/WbgdYgOf9bohg4huU+1ijZMoxBMrwkR8/FMd7:bcWwFG5Y4/9YgOf1oiXU+wmoxBMkkR8q
Score

7^/10

discovery evasion persistence
- Installer Packages
  Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Installer packages are OS specific and contain the resources an operating system needs to install applications on a system.
  persistence
behavioral3
- Target
  
  SyncBird Pro 4.0.8/Activator.app/Contents/Resources/tool
- Size
  
  169KB
- MD5
  
  948c1bdc9edf3e57758b677a0a449f34
- SHA1
  
  a3b9ea16b0d44e835d6458db44c018349f1cff3f
- SHA256
  
  4b1b8050588ad791c314ba18ba0a6b82a5b77ff8f188de7d51e13ea981ff5860
- SHA512
  
  a61f433c66c4a9bd8cbe906d4bfef799ec3e5d7a9f14fa00ca65fe8053842e9530369250bb32d42182a24f89dd3689191915da79b7722e2e67c08bb3283127c0
- SSDEEP
  
  768:DF8oMgvx15ne8DpC4owYEiIXIEQbadpdCukl19F7vWp:J5e8VC0JdCukC
Score

4^/10

evasion
behavioral4
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Frameworks/BackupManager.dylib
- Size
  
  859KB
- MD5
  
  e6aaa24acad1927c5d625db6a5920ce2
- SHA1
  
  e50a11cc822357f35911c516bbab07f50d10bd60
- SHA256
  
  d5c6ad44c78f4c89d211a7eac8f7bdb2715c6ff96a2315d6311b6e255a8462ed
- SHA512
  
  c97c38d46a8dcd60763a82bc830bbd8e2ba92f4715b22eed2355aeef1ff231fbf2113aa216db334bc0f965a9e09eb995d3d65586f56eb29fb01490916a780a57
- SSDEEP
  
  12288:4D0lLuJrFd1OszlbMscJwsiRK6vYFe4+:HgrFd1OszlbM3JwsioFe4
Score

1^/10
behavioral5
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Frameworks/Logger.dylib
- Size
  
  390KB
- MD5
  
  24b8ebcb752d321c59f98402d00f01af
- SHA1
  
  fac52e7e4a99353b22f24089f50b07a8d9a9dca0
- SHA256
  
  bc99bf5a5584f10079d607cfdb206d1482d75bbd5274035f07786459235e08e5
- SHA512
  
  e885c108c662059a95d88d07829003aaa8dae6eaca19973729afc3ce6e99717c6f1a1147debaeac47f3a2812c816a34d55c81083f2c3b6e2910f03acc17f85b4
- SSDEEP
  
  3072:D5MwS7ffkhhYNC40s36C96+DZuDVz7K8lZgqd6hHqFU:e7ffkhh6C40GlNo94Bqq
Score

1^/10
behavioral6
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Frameworks/ModelBase.dylib
- Size
  
  1.8MB
- MD5
  
  36920b0fd9a8981bae50e8d6b7aa25e6
- SHA1
  
  19882c9d1eeb20922c5142556258ce977e942ebf
- SHA256
  
  6fc28c669f3c811e2a843cbd44ce9ad0289a814f05acfee76411c94c0d07ebfe
- SHA512
  
  0c95e89fd49c8929b266ccb7d24c0a2e76037df9c9afdc481dddd8884d3fe080c7c969134262bbfca734d1fd3c3348519dee8e4c7231d78dbea5454f72bc62b9
- SSDEEP
  
  24576:+euZKV2MSKV2Md669LnYJhB6FxrV2M/V2M:mKV2MSKV2Md669LqB0rV2M/V2M
Score

1^/10
behavioral7
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Frameworks/SqliteManager.dylib
- Size
  
  433KB
- MD5
  
  463f6947e8c59251752d767526efa37a
- SHA1
  
  a0c12ab900319a1d545b613216039a08aff7cc46
- SHA256
  
  adec311b0e0ee2bf3ccd69827a778da870e9caf9d04eb9ea8da785787277b81d
- SHA512
  
  40f44d94a611df72dd7939633b4bbfa88d50346ba2793f339bc5b8b71c1fffdfbba5c8876967a687ccd85ccd5bc47ffc69435f188a33aeb429068750ca269e30
- SSDEEP
  
  6144:MhXP9Ajkfwtjb4ZbFn5po4YJsljbakbY:Q1AjntQNp/YJOC
Score

1^/10
behavioral8
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Frameworks/UIElement.dylib
- Size
  
  1.2MB
- MD5
  
  05345a15a695c6ab02c6c9acb16367e9
- SHA1
  
  38453347c82f223a93d96dd3d7fb9b22226b9d55
- SHA256
  
  33fb007120a49d5c7ae1a94780399c321fd2b51e4aa6f653acc35bef6420c5ee
- SHA512
  
  38a481536d3a7d152f40d4a41e962b4e105d25e0a3fa24b56bdb56c331828ba38533fccbef88013637b9fd0e6dc5c274fdf47ec82cc7ef6ec0cdca31789d7e05
- SSDEEP
  
  24576:hj+vyVqTka0X8vaqYe0kB4TmKqUTka0Dg8va7Q:hyvyqTka0X8vak4ka0Dg8va
Score

1^/10
behavioral9
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Frameworks/UntilityCore.dylib
- Size
  
  5.2MB
- MD5
  
  b02a297a6ba2f4c7e8f2f25a21af45a0
- SHA1
  
  20dd24a7905ec31756442a7bc35066b262528062
- SHA256
  
  2c80ddd1cb7b91bd3226d1ea4f727eb02cb43ca4c0e8601fedadf88bf53270a4
- SHA512
  
  8f705e6c1ee1cb3ae7b9f661aa7414ad76ad54d2e0d8d8f86498242068c8f6edd73792389d722871db2e662e6fc5520c72a184907c3b2b82efe6c5e58bc197da
- SSDEEP
  
  98304:8cNnlFhh4/ehjebQ0rwKVotIxb2AxpotIxIuhNKKFeHwK7t1IxbiAxDIx4:8MnlFQ1otIxbjotIxIJK+t1IxbJIx4
Score

1^/10
behavioral10
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Frameworks/ZipHelper.dylib
- Size
  
  469KB
- MD5
  
  6a4a07431ad4ce8d08aad40c6ae13fad
- SHA1
  
  28281801c759e84559cb401211f9c6277c4b8bd6
- SHA256
  
  395e1c5d9fe0ba32a57e5e9871665f53b8f7b140ded5b76e9ecb338683ce6e36
- SHA512
  
  2fa26174b09b9e8dfdc8d68b9d8152306464624a233f73a77a97421778e3efccfaa84d41e535182ad1b9c94be6fece2dd09017c15dd5d49a2484dc565211e0e3
- SSDEEP
  
  6144:AQm0fjctJ7EsfTBOgt+LFy5IPdpJEwbvTBi5/guksi2bu:AQm0foXEsfT8gadKwbvTopk8
Score

1^/10
behavioral11
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Frameworks/libConfigurer64.dylib
- Size
  
  283KB
- MD5
  
  aa4be63e0eade80cb25f01a902606e50
- SHA1
  
  28110fe1a648f40c8816e2164ecd70414d816a4b
- SHA256
  
  7085d2b1830063de5b4e32421c6da187f9189282f1a4dd9c417bdb0ee82fb129
- SHA512
  
  33b36639460ef140d1af85e79b6d92b304e1fc72767ff6a4b6d07c3788a81f799eb97be5445bbc6ce45a35d26fbbe1b07615e9eaae95d7f183cbd86d0dde89c6
- SSDEEP
  
  1536:J++yPCVcFqUxa/cmf0m40mrEmCJFnGxZtI:J++8CVcFa/cmf0m40mrEmCJFGxY
Score

1^/10
behavioral12
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Frameworks/libLzmaSDK.dylib
- Size
  
  2.3MB
- MD5
  
  23b13541f55a3f49d9fb84103797ab0b
- SHA1
  
  c81f43c5b83514ea4054291234f8edd56ba60612
- SHA256
  
  d59540e05f283632db5be88d8ca2f933f19ec63f88897c42d27089e6bcc84d6e
- SHA512
  
  0f55f9128de5f7d98ebde93638dc34a2d2aa1a4755ef40240064acc178d0d14e03ea95cf49d5627ce2966127cb321edd38644ac77fc55759e5c256edef4ea03f
- SSDEEP
  
  24576:OZy7qWaVXUrGNjY3cICkyi/iPOuRfXfGiEEqT12RT7nVlsOiFGOn:gy78jKcI0fXpP09FD
Score

1^/10
behavioral13
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Frameworks/libMediaConverter.dylib
- Size
  
  855KB
- MD5
  
  ee45f4fca3454065582cb82d77fff09c
- SHA1
  
  497360ce5f6528e1bce956d960f49136cb086eaa
- SHA256
  
  520b47910340a9e54d4c7a83215e7e67a3f6d2436711dadd1f328395e27e50ce
- SHA512
  
  ad10ac4574df852f2dab9c94b5261c89f981db53ebf7b8d40a2fa06551a9cc54d486f58c47e78fb160ec371a6b5774d6fb0fe3b63beecaa492d2bf84e0447a73
- SSDEEP
  
  24576:/ZOkb/jCnermuhxnO/5STy3l3uhOOGSTy3l:/9AeLO/5STy3lXOGSTy3
Score

1^/10
behavioral14
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Resources/DeviceBackupRestore
- Size
  
  182KB
- MD5
  
  c84c28bb2596f07705aa4ee654079261
- SHA1
  
  fdfbf97803905ed2b1d436c43fe2b6f07f35ebad
- SHA256
  
  10aa65446ffbf7696e649f8617921768441b20bbe0f580a0a8702cbdf9002d46
- SHA512
  
  00ac3b0b340118f82f64416e7177ff978dcebe97415074de131e05b04d06ded3c977270f00cabb4bc481cd9f804da917e59ba1889c620f456a3ecbb411b0b18e
- SSDEEP
  
  768:81RVRpby3WQMb641GR+Jm3TIF9F/CzC2i88kab8pcpVi6QyAqIQMbzXkhhiY8LZd:kQMb6IGcmri8hKjVRVSQMbT6hiYwKs
Score

4^/10

evasion
behavioral15
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Resources/LibraryHolderViewController.nib/keyedobjects.nib
- Size
  
  24KB
- MD5
  
  b122e537a31463b74ee72530e60472cf
- SHA1
  
  d1c43c4ce1d665f6aa7332f41361576fc656b9d4
- SHA256
  
  8b46d4e0c8efcf3e620cd52436610a639bc2e70930efe2a15fefce0d980e3bda
- SHA512
  
  1b867188a8049ff0604c0881dda3767f30e90d0c47d23e4defe64a736a7ba34cc20b077732f37107ed3566934e6184ed811e9bec18f37a9a1c298c694aa48aaa
- SSDEEP
  
  768:9gGbLNRUYyroY2v5+UMJl0Yyl/SX+s3BD:9ggK65TNI3V
Score

1^/10
behavioral16 behavioral17
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Resources/MCPrivilege.app/Contents/Library/LaunchServices/com.minicreo.PrivilegesHelper
- Size
  
  89KB
- MD5
  
  cc22ebc9278c47ec0b4d6da8db7ce52b
- SHA1
  
  04e8d0b7cf154a7a38f6ec05408f180decd4096b
- SHA256
  
  6f51aa00ab19543b812649b457e5830725dee27ed13181b42ddf5f97a555b522
- SHA512
  
  f23b3ec0a6a3b26c6aa19d17578a2794f3f485fd7827c61f47e6eea5b3c8f5fe30a5dbc89a68a88dfe07e6136ebf45cfc999142452ab1355ac4dbe81ac3b5c00
- SSDEEP
  
  768:qumv3WhEunCrAEmopqIRENO0l6ZcN1r91EugKOb2ISIRIkIX7wECZCrCgzK8LcaY:e1uCrDmop9R0xJENhkwEC3OcK
Score

4^/10

evasion
behavioral18
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/Resources/MCPrivilege.app/Contents/MacOS/MCPrivilege
- Size
  
  85KB
- MD5
  
  e4ee64e4a893d7062d0c42317883f84b
- SHA1
  
  17f4eebe3a0537ed21dc79bf8ce5daff3429a11e
- SHA256
  
  20baed19dc18f7459717b006b3490f3ccb864b4b9e1e4b6a39beea97f30b355f
- SHA512
  
  a0ea304c7a2672c6b072dab968f0125c6f78caf077b118dd5532514755917b194c46aa12c977dba7eb42497bdf75d4910f702c56e6c19017522e5e2c7c410ba9
- SSDEEP
  
  768:npY4/6I+VadDnDom+QKKyOC14JHukI0I3IaIwSL2QCezUCS8zJq1ab8:G4zA/sy5guNSL2oqwwK
Score

4^/10

evasion
behavioral19
- Target
  
  ffmpeg
- Size
  
  74.5MB
- MD5
  
  248309e19ad5dc87bec186dabdf65315
- SHA1
  
  da09566ba946668e10b72ec873736d4b865500db
- SHA256
  
  c669c408be95a7770ead630ee35f80a03416834bcdbf35151505e94c1cf0e3ad
- SHA512
  
  50e09b80001ff2387cbc66cdc4784630e9ef47a87c27a2e0dc52fb6e776653e663547b95f87a7574c9f2c3c80d007c0ba33c3a90917db429855cf788e8794f76
- SSDEEP
  
  1572864:Xt3p+6jz0M/2i0+9gZwdcYS/aEHBt6w5Hnflkg:Fp+6jz0
Score

1^/10
behavioral20
- Target
  
  ffprobe
- Size
  
  74.5MB
- MD5
  
  cd80f74ee850d73070e331ce3b869f83
- SHA1
  
  3ce2fe0c24c26fd868b36cd2fb0a49355ed05f08
- SHA256
  
  a62ab37cce0b70f5e7c013ea5793002aa64965ca91d364265eb1b86d56383da2
- SHA512
  
  23d68f33bb53c2fd91cb69f135635cf82b50174b56556f39475146fb9c17ed7b7333817ba767509481da4c624f84a38dc11f1b94277116c0b4f15e2b12b26d97
- SSDEEP
  
  1572864:qtVp61rUTeZ1qBvSAsHwdcYS/aEHBt6w5HnflkgM:861rUTeY
Score

1^/10
behavioral21
- Target
  
  SyncBird Pro 4.0.8/SyncBird.app/Contents/XPCServices/calckek-service.xpc/Contents/MacOS/calckek-service
- Size
  
  141KB
- MD5
  
  ddb11b3e6105dd395a2e8e26600db5ac
- SHA1
  
  72680ee52d76c8ee3da94f37ee75bdbea47f304e
- SHA256
  
  8326eaf8a66b68c50969062561b1cd4619174f21b67c10cba624146d8154502e
- SHA512
  
  3eed7f27bcccd7faa8eda141d18ea4a50016171da0d4dae42755a3d0e4d8d3b926d376fdd217e70d33af7b4a963de6bbb867472289c069e363415fea0c3030dc
- SSDEEP
  
  1536:4pefqyk8kok8P4tTlVmszlbLE/pApt1pn78j1+PwrbihDOisJK:4byk8kokm4tTGszlbLE7jAPw06i+
Score

1^/10
behavioral22

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

File and Directory Discovery

T1083

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Installer Packages

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22