ec6ef8d49491f1740e81fbc6bcbf75c706dc6599f18e51aee7f3fa2cacb5ea2e

Analysis

max time kernel
138s
max time network
142s
platform
macos-10.15_amd64
resource
macos-20240214-en
resource tags

arch:amd64arch:i386image:macos-20240214-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
06/04/2024, 04:20 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest
Size

168KB
MD5

d435c0ace8568a1cc2a86b4553d506e2
SHA1

2e6e5fa2111157eca8c94f8b04d24db2269bad33
SHA256

ec6ef8d49491f1740e81fbc6bcbf75c706dc6599f18e51aee7f3fa2cacb5ea2e
SHA512

0e5149b913081bdc921d5dd1e5890114ba79b6ff13f975d8f431be03e8d9041a64d92e2478f9288524561be5b5b034f78d842532f357250e717077140b3e5a94
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq920:5SeOQdaZNxtk8cqhSxvHY9

Score

1^/10

Malware Config

Signatures

/usr/libexec/xpcproxy
xpcproxy com.apple.newsyslog
1⤵
PID:546

/usr/libexec/xpcproxy
xpcproxy com.apple.pluginkit.pkd
1⤵
PID:548

/usr/libexec/pkd
/usr/libexec/pkd
1⤵
PID:548

/usr/sbin/newsyslog
/usr/sbin/newsyslog
1⤵
PID:546

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest\""
1⤵
PID:550

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest\""
1⤵
PID:550

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest
1⤵
PID:550
- /bin/zsh
  /bin/zsh -c /Users/run/2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest
  2⤵
  PID:551
- /Users/run/2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest
  /Users/run/2024-04-06_d435c0ace8568a1cc2a86b4553d506e2_adload_evilquest
  2⤵
  PID:551

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:552

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:552

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:552

/usr/libexec/xpcproxy
xpcproxy com.apple.secinitd
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:576

/usr/libexec/secinitd
/usr/libexec/secinitd
1⤵
PID:575

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:576

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.systemsoundserverd
1⤵
PID:579

/usr/sbin/systemsoundserverd
/usr/sbin/systemsoundserverd
1⤵
PID:579

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:580

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:580

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:581

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:581

/usr/libexec/xpcproxy
xpcproxy com.apple.icloud.findmydeviced
1⤵
PID:588

/usr/libexec/findmydeviced
/usr/libexec/findmydeviced
1⤵
PID:588

/usr/bin/pluginkit
/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync
1⤵
PID:592

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater6BDB2703/OneDrive.app
1⤵
PID:593

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:609

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:609

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
1⤵
PID:615

/usr/libexec/xpcproxy
xpcproxy com.apple.bird
1⤵
PID:617

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
1⤵
PID:617

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:623

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:624

Network

DNS

11.courier-push-apple.com.akadns.net

Remote address:

8.8.8.8:53

Request

11.courier-push-apple.com.akadns.net

IN A

Response

11.courier-push-apple.com.akadns.net

IN CNAME

gb-courier-4.push-apple.com.akadns.net

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.86

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.88

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.87
DNS

apis.apple.map.fastly.net

Remote address:

8.8.8.8:53

Request

apis.apple.map.fastly.net

IN A

Response

apis.apple.map.fastly.net

IN A

151.101.3.6

apis.apple.map.fastly.net

IN A

151.101.67.6

apis.apple.map.fastly.net

IN A

151.101.131.6

apis.apple.map.fastly.net

IN A

151.101.195.6
DNS

mobile.events.data.trafficmanager.net

Remote address:

8.8.8.8:53

Request

mobile.events.data.trafficmanager.net

IN A

Response

mobile.events.data.trafficmanager.net

IN CNAME

onedscolprdcus14.centralus.cloudapp.azure.com

onedscolprdcus14.centralus.cloudapp.azure.com

IN A

104.208.16.90

17.253.29.204:80

664 B
13
40.79.141.154:443

mobile.pipe.aria.microsoft.com

tls

21.4kB
9.2kB
52
33

8.8.8.8:53

11.courier-push-apple.com.akadns.net

dns

82 B
168 B
1
1

DNS Request

11.courier-push-apple.com.akadns.net

DNS Response

17.57.146.86

17.57.146.88

17.57.146.87
8.8.8.8:53

apis.apple.map.fastly.net

dns

71 B
135 B
1
1

DNS Request

apis.apple.map.fastly.net

DNS Response

151.101.3.6

151.101.67.6

151.101.131.6

151.101.195.6
8.8.8.8:53

mobile.events.data.trafficmanager.net

dns

83 B
158 B
1
1

DNS Request

mobile.events.data.trafficmanager.net

DNS Response

104.208.16.90
224.0.0.251:5353

332 B
1

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.