gimmick | 2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f | Triage

Sharing

General

Target

2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f
Size

713KB
Sample

240410-l4eyeaeg7y
MD5

23699799f496b8e872d05f19d2b397f8
SHA1

fe3a3e65b86d2b07654f9a6104c8cb392c88b7e8
SHA256

2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f
SHA512

f347c47afe06ed7ef2a71b7e40ac0103f4f33e26250661173775b349bba7452ea458e5d4137a57b34801556959bca14093a9f693d59c147061f63f2b78614288
SSDEEP

6144:0RDkTCDC628O+i5Npv56/SfQ7WXIRPeTqiKjBAaIeuLkN04b1Z2O/a0csN2oGA8s:q5o657MOPhKCuo64b//nPpA/OGg2Y5

Score

10^/10

gimmick backdoor execution macos persistence

Malware Config

Targets

- Target
  
  2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f
- Size
  
  713KB
- MD5
  
  23699799f496b8e872d05f19d2b397f8
- SHA1
  
  fe3a3e65b86d2b07654f9a6104c8cb392c88b7e8
- SHA256
  
  2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f
- SHA512
  
  f347c47afe06ed7ef2a71b7e40ac0103f4f33e26250661173775b349bba7452ea458e5d4137a57b34801556959bca14093a9f693d59c147061f63f2b78614288
- SSDEEP
  
  6144:0RDkTCDC628O+i5Npv56/SfQ7WXIRPeTqiKjBAaIeuLkN04b1Z2O/a0csN2oGA8s:q5o657MOPhKCuo64b//nPpA/OGg2Y5
Score

10^/10

gimmick backdoor execution persistence
- Gimmick
  Gimmick family.
  backdoor gimmick
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gimmickbackdoorexecutionpersistence