hxxps://www[.]youtube[.]com/watch?v=SJKVdJycZEI

Analysis

max time kernel
1789s
max time network
1794s
platform
macos-10.15_amd64
resource
macos-20240410-en
resource tags

arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
19-04-2024 04:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=SJKVdJycZEI

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 1 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
evasion

Resource Forking
T1564.009

Processes:

ioc process

"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck

ioc	process
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck

/bin/sh
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=SJKVdJycZEI\""
1⤵
PID:485

/bin/bash
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=SJKVdJycZEI\""
1⤵
PID:485

/usr/bin/sudo
sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=SJKVdJycZEI"
1⤵
PID:485

/bin/zsh
/bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=SJKVdJycZEI"
2⤵
PID:486

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
1⤵
PID:482

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:530

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:530

/usr/libexec/xpcproxy
xpcproxy com.apple.diagnosticd
1⤵
PID:531

/usr/libexec/diagnosticd
/usr/libexec/diagnosticd
1⤵
PID:531

/usr/libexec/xpcproxy
xpcproxy com.apple.rtcreportingd
1⤵
PID:532

/usr/libexec/rtcreportingd
/usr/libexec/rtcreportingd
1⤵
PID:532

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/var/root/Library/Caches/rtcreportingd/events/NRM_Events_2024-04-19-05-14-50.event
Filesize
5KB

MD5
048a1200c13c1dca8d1e4782ebee64e4

SHA1
fc369a72ff9bff494389b370136ac9e908abaf71

SHA256
301c5865decc7e2769da056332d4bc41aac935d65d0aa2fd86f2fb868f8c9f89

SHA512
ca5f9f89075f5073149319447bb84db586ea74293799c6c27e74343b66d2e130aeea1b2b302564abc6f3cd912bbd92ba21cec5e6d5f4acef1a13342bb5dad28f

Download Submit