General
Target: .
Size: 24KB
Sample: 240425-hewm3sge93
MD5: 2d38aec3eaf1571cde8f5f8e0181e3b8
SHA1: ef98e2673a01935f2edabc454e877b3fc9b9f7b1
SHA256: 6791247a41dbb8786ff3da6fff6821964a27c93f178ed9dd5e59888143a57c7c
SHA512: 999b7fac2d928848323a3f72e9654bae9afa4cd7120e463801d494d9b9b97c2b363a75f47cfc20e21f0601da8409dac8dfd6292ede99609cb64d594a925babc4
SSDEEP: 768:FAp0r+0r4bCv4XYCJbpiHUJ6yCpzAV66lHJRmVI1U69qPcNXs2r1hIzjjizuKzh2:yp060UbCv4XYCJbpiHUJ6yCpzAV66lHw
Static task: static1
Malware Config
-
Targets
- Target: . (Size: 24KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Path Permission
Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.
- Queries the macOS version information.
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
- System Checks
Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox.
- Gatekeeper Bypass
Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as a layer of Apple's security model to ensure only trusted applications are executed on a host.
- File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces that indicate what was done within a network and how. Removal of these files can occur.
MITRE ATT&CK Matrix (ATT&CK v13)
Defense Evasion
- File and Directory Permissions Modification (1)
  - Linux and Mac File and Directory Permissions Modification (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
- Subvert Trust Controls (1)
  - Gatekeeper Bypass (1)
- Indicator Removal (1)
  - File Deletion (1)
- Hide Artifacts (1)
  - Resource Forking (1)