General

  • Target

    .

  • Size

    24KB

  • Sample

    240425-hewm3sge93

  • MD5

    2d38aec3eaf1571cde8f5f8e0181e3b8

  • SHA1

    ef98e2673a01935f2edabc454e877b3fc9b9f7b1

  • SHA256

    6791247a41dbb8786ff3da6fff6821964a27c93f178ed9dd5e59888143a57c7c

  • SHA512

    999b7fac2d928848323a3f72e9654bae9afa4cd7120e463801d494d9b9b97c2b363a75f47cfc20e21f0601da8409dac8dfd6292ede99609cb64d594a925babc4

  • SSDEEP

    768:FAp0r+0r4bCv4XYCJbpiHUJ6yCpzAV66lHJRmVI1U69qPcNXs2r1hIzjjizuKzh2:yp060UbCv4XYCJbpiHUJ6yCpzAV66lHw

Malware Config

Targets

    • Path Permission

      Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.

    • Queries the macOS version information.

      An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

    • System Checks

      Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox.

    • Gatekeeper Bypass

      Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as a layer of Apple's security model to ensure only trusted applications are executed on a host. In practice the check keys on the com.apple.quarantine extended attribute, so removing that attribute or disabling the assessment policy lets a downloaded file run without the usual prompt.

    • File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces that indicate what was done within a network and how. Removal of these files can occur during the intrusion or afterwards, to reduce the footprint left for responders.
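
One way to turn the five behaviours above into detection logic over process-execution telemetry, as an added example that is neither the sandbox's own signatures nor the sample's code: the event format, field names, regular expressions and log lines are all assumptions constructed for illustration. It goes one step beyond the report by correlating hits with the process tree, so that the evasion commands are attributed to the AppleScript interpreter (T1059.002) only when they run as its descendants.

```python
"""
Map macOS process-execution events to the ATT&CK techniques flagged in this
report.  Added example, not part of the sandbox report and not the sample's
own code: the event lines, field names and command strings below are
constructed to resemble the behaviours the report's signatures describe.
"""
import re
from collections import OrderedDict

# Constructed event format: <ts> pid=<n> ppid=<n> cmd="<command line>"
EVENT_RE = re.compile(
    r'^(?P<ts>\S+)\s+pid=(?P<pid>\d+)\s+ppid=(?P<ppid>\d+)\s+cmd="(?P<cmd>.*)"$'
)

# (ATT&CK ID, signature name as in the report, command-line pattern).
# The patterns are illustrative heuristics, not the sandbox's rules.
RULES = [
    ("T1059.002", "AppleScript", re.compile(r"\bosascript\b")),
    ("T1222.002", "Path Permission", re.compile(r"\b(chmod|chflags|chown)\b")),
    ("T1082", "Queries the macOS version information",
     re.compile(r"\b(sw_vers|uname\s+-[a-z]*r|system_profiler\s+SPSoftwareDataType)\b")),
    ("T1497.001", "System Checks",
     re.compile(r"sysctl\s+(-n\s+)?hw\.model|ioreg\b.*\b(VMware|VirtualBox|Parallels|QEMU)\b"
                r"|system_profiler\s+SPHardwareDataType", re.I)),
    # Stripping the quarantine xattr (-d/-c) or disabling spctl assessment is
    # the bypass; merely reading the attribute (xattr -p) is not flagged.
    ("T1553.001", "Gatekeeper Bypass",
     re.compile(r"\bxattr\b.*\s-[a-z]*[cd][a-z]*\b.*com\.apple\.quarantine"
                r"|\bspctl\b.*--(master|global)-disable")),
    ("T1070.004", "File Deletion", re.compile(r"\brm\s+-[a-zA-Z]*f[a-zA-Z]*\s+")),
]
TECHNIQUE_NAMES = {tid: name for tid, name, _ in RULES}

# Constructed sample log; not captured from the analysed sample.
SAMPLE_EVENTS = [
    '2024-04-25T10:00:01Z pid=501 ppid=480 cmd="osascript /Users/u/Downloads/installer.scpt"',
    '2024-04-25T10:00:02Z pid=502 ppid=501 cmd="sw_vers -productVersion"',
    '2024-04-25T10:00:02Z pid=503 ppid=501 cmd="sysctl -n hw.model"',
    '2024-04-25T10:00:03Z pid=504 ppid=501 cmd="ioreg -l | grep -i VirtualBox"',
    '2024-04-25T10:00:04Z pid=505 ppid=501 cmd="xattr -d com.apple.quarantine /Users/u/Downloads/helper.app"',
    '2024-04-25T10:00:04Z pid=506 ppid=501 cmd="chmod 755 /Users/u/Downloads/helper.app/Contents/MacOS/helper"',
    '2024-04-25T10:00:05Z pid=507 ppid=501 cmd="ls -la /Users/u/Documents"',
    '2024-04-25T10:00:06Z pid=508 ppid=501 cmd="rm -rf /tmp/.install_stage"',
    # Benign: a user-launched process only reads the quarantine flag.
    '2024-04-25T10:00:07Z pid=600 ppid=1 cmd="xattr -p com.apple.quarantine /Users/u/Downloads/report.pdf"',
]


def parse_event(line):
    """Return {"ts", "pid", "ppid", "cmd"} for a well-formed line, else None."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    return {"ts": m["ts"], "pid": int(m["pid"]), "ppid": int(m["ppid"]), "cmd": m["cmd"]}


def classify(cmd):
    """ATT&CK IDs whose pattern matches the command line, in RULES order."""
    return [tid for tid, _, rx in RULES if rx.search(cmd)]


def analyze(lines):
    """Technique ID -> list of (pid, cmd) hits, in order of first observation."""
    hits = OrderedDict()
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for tid in classify(ev["cmd"]):
            hits.setdefault(tid, []).append((ev["pid"], ev["cmd"]))
    return hits


def interpreter_chain(lines, interpreter_re=re.compile(r"\bosascript\b")):
    """Sorted technique IDs seen in an osascript process or any of its descendants.

    Walks each event's ppid chain; an event counts only if the walk reaches a
    pid whose own command line is the interpreter.  Unrelated processes that
    happen to touch the same tools (pid 600 above) are left out.
    """
    events = [ev for ev in map(parse_event, lines) if ev]
    by_pid = {ev["pid"]: ev for ev in events}
    roots = {ev["pid"] for ev in events if interpreter_re.search(ev["cmd"])}
    found = set()
    for ev in events:
        pid, seen = ev["pid"], set()
        while pid in by_pid and pid not in seen:
            seen.add(pid)
            if pid in roots:
                found.update(classify(ev["cmd"]))
                break
            pid = by_pid[pid]["ppid"]
    return sorted(found)


if __name__ == "__main__":
    for tid, evs in analyze(SAMPLE_EVENTS).items():
        print(f"{tid} {TECHNIQUE_NAMES[tid]}: {len(evs)} event(s)")
    print("techniques under the AppleScript interpreter:", interpreter_chain(SAMPLE_EVENTS))
```

On a real host the same fields can be filled from Endpoint Security (ES_EVENT_TYPE_NOTIFY_EXEC) or unified-log process events. Treat the per-technique hits as leads rather than verdicts: developers strip com.apple.quarantine and run sw_vers routinely, which is why the parent-process correlation, not the individual command, is what should drive alerting.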

MITRE ATT&CK Matrix (ATT&CK v13)

Techniques are grouped by tactic, with the count of matched behaviours in parentheses. Virtualization/Sandbox Evasion (T1497) is listed under both Defense Evasion and Discovery because ATT&CK maps it to both tactics; it is the same System Checks hit, not two separate ones.

Execution
  • Command and Scripting Interpreter, T1059 (1)
      • AppleScript, T1059.002 (1)

Defense Evasion
  • File and Directory Permissions Modification, T1222 (1)
      • Linux and Mac File and Directory Permissions Modification, T1222.002 (1)
  • Virtualization/Sandbox Evasion, T1497 (1)
      • System Checks, T1497.001 (1)
  • Subvert Trust Controls, T1553 (1)
      • Gatekeeper Bypass, T1553.001 (1)
  • Indicator Removal, T1070 (1)
      • File Deletion, T1070.004 (1)
  • Hide Artifacts, T1564 (1)
      • Resource Forking, T1564.009 (1)

Discovery
  • System Information Discovery, T1082 (1)
  • Virtualization/Sandbox Evasion, T1497 (1)
      • System Checks, T1497.001 (1)
  • File and Directory Discovery, T1083 (1)

Tasks