Overview

overview

3

Static

static

1

Applicatio...e Docs

ubuntu-18.04-amd64

3

Applicatio...e Docs

debian-9-armhf

3

Applicatio...e Docs

debian-9-mips

3

Applicatio...e Docs

debian-9-mipsel

3

Analysis

  • max time kernel
    0s
  • max time network
    130s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240226-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    10/04/2024, 21:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Applications/Google Docs.app/Contents/MacOS/Google Docs

  • Size

    216B

  • MD5

    3a28c0d53e6a9fd0728cf07fd405aac2

  • SHA1

    451ef9641ce24fc57c87873055d183d75ced32dc

  • SHA256

    d296dc02d07347ad6a3bc1da153b34801774f03c2253a35df401424fb9b1496b

  • SHA512

    bf22630d2c991af97f11a4d2b77a80fc10d3ec062aae1d3885a15748073e7d19992914653b7eb49c49931922e4e5c626a38d6e5f0bed52061434c049973e8169

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/Applications/Google Docs.app/Contents/MacOS/Google Docs
    "/tmp/Applications/Google Docs.app/Contents/MacOS/Google Docs"
    1⤵
      PID:1530
    • /usr/local/sbin/bash
      bash "/tmp/Applications/Google Docs.app/Contents/MacOS/Google Docs"
      1⤵
        PID:1530
      • /usr/local/bin/bash
        bash "/tmp/Applications/Google Docs.app/Contents/MacOS/Google Docs"
        1⤵
          PID:1530
        • /usr/sbin/bash
          bash "/tmp/Applications/Google Docs.app/Contents/MacOS/Google Docs"
          1⤵
            PID:1530
          • /usr/bin/bash
            bash "/tmp/Applications/Google Docs.app/Contents/MacOS/Google Docs"
            1⤵
              PID:1530
            • /sbin/bash
              bash "/tmp/Applications/Google Docs.app/Contents/MacOS/Google Docs"
              1⤵
                PID:1530
              • /bin/bash
                bash "/tmp/Applications/Google Docs.app/Contents/MacOS/Google Docs"
                1⤵
                  PID:1530
                  • /bin/open
                    open "https://docs.google.com/document?usp=drive_fs"
                    2⤵
                    • Reads runtime system information
                    PID:1531
                • /tmp/Applications/Google Docs.app/Contents/MacOS/https:/docs.google.com/document?usp=drive_fs
                  "https://docs.google.com/document?usp=drive_fs"
                  1⤵
                    PID:1532

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads