Analysis
-
max time kernel
138s -
max time network
142s -
platform
macos-10.15_amd64 -
resource
macos-20240214-en -
resource tags
-
submitted
06-04-2024 04:20
General
-
Target
2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest
-
Size
168KB
-
MD5
d435c0ace8568a1cc2a86b4553d506e2
-
SHA1
2e6e5fa2111157eca8c94f8b04d24db2269bad33
-
SHA256
ec6ef8d49491f1740e81fbc6bcbf75c706dc6599f18e51aee7f3fa2cacb5ea2e
-
SHA512
0e5149b913081bdc921d5dd1e5890114ba79b6ff13f975d8f431be03e8d9041a64d92e2478f9288524561be5b5b034f78d842532f357250e717077140b3e5a94
-
SSDEEP
3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq920:5SeOQdaZNxtk8cqhSxvHY9
Malware Config
Signatures
Processes
-
/usr/libexec/xpcproxyxpcproxy com.apple.newsyslog1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.pluginkit.pkd1⤵
-
/usr/libexec/pkd/usr/libexec/pkd1⤵
-
/usr/sbin/newsyslog/usr/sbin/newsyslog1⤵
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest1⤵
-
/bin/zsh/bin/zsh -c /Users/run/2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest2⤵
-
-
/Users/run/2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest/Users/run/2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest2⤵
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.secinitd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.sysmond1⤵
-
/usr/libexec/secinitd/usr/libexec/secinitd1⤵
-
/usr/libexec/sysmond/usr/libexec/sysmond1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.systemsoundserverd1⤵
-
/usr/sbin/systemsoundserverd/usr/sbin/systemsoundserverd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.pbs1⤵
-
/System/Library/CoreServices/pbs/System/Library/CoreServices/pbs1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.AudioComponentRegistrar1⤵
-
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.icloud.findmydeviced1⤵
-
/usr/libexec/findmydeviced/usr/libexec/findmydeviced1⤵
-
/usr/bin/pluginkit/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync1⤵
-
/usr/sbin/spctl/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater6BDB2703/OneDrive.app1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.tailspind1⤵
-
/usr/libexec/tailspind/usr/libexec/tailspind1⤵
-
/usr/sbin/spctl/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.bird1⤵
-
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird1⤵
-
/bin/launchctl/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon1⤵
-
/bin/launchctl/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
47KB
MD50e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA5121dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20
-
Filesize
4KB
MD5d3a1859e6ec593505cc882e6def48fc8
SHA1f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA2563ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818