558c66e7283fed4e16cfbd7889f3d5500e89f637cc48968bed0450852083dbf1 | Triage

Sharing

General

Target

Notion.dmg
Size

4.2MB
Sample

240425-lvsg5she9s
MD5

50ea75b971ec961867377b45b29bf356
SHA1

d68faef1b80f376cdf1524e14f8baa49f0074b9d
SHA256

558c66e7283fed4e16cfbd7889f3d5500e89f637cc48968bed0450852083dbf1
SHA512

647831bf84212d71e6829d7531e55ef94239150152e35068ab416108bd68c641b0088ca242c0d275a26c5e0f362f7f1bb02268a731be3a91f53e831fefb44528
SSDEEP

98304:U/SA+ELoHf3EpQioKSHejUSOuairOrLBzvKkYc0nhBaMEcRaBDywa:U/SA+EkHfyn3ISOupO3pvG/nhBaMxRiD

Score

8^/10

evasion execution macos

Malware Config

Targets

- Target
  
  Notion.dmg
- Size
  
  4.2MB
- MD5
  
  50ea75b971ec961867377b45b29bf356
- SHA1
  
  d68faef1b80f376cdf1524e14f8baa49f0074b9d
- SHA256
  
  558c66e7283fed4e16cfbd7889f3d5500e89f637cc48968bed0450852083dbf1
- SHA512
  
  647831bf84212d71e6829d7531e55ef94239150152e35068ab416108bd68c641b0088ca242c0d275a26c5e0f362f7f1bb02268a731be3a91f53e831fefb44528
- SSDEEP
  
  98304:U/SA+ELoHf3EpQioKSHejUSOuairOrLBzvKkYc0nhBaMEcRaBDywa:U/SA+EkHfyn3ISOupO3pvG/nhBaMxRiD
Score

8^/10

evasion execution
- Identifies hardware specifics through system_profiler
- File Permission
  Adversaries may modify file permissions/attributes to evade access control lists (ACLs) and access protected files.
  evasion
behavioral1
- Target
  
  Notion/Notion
- Size
  
  10.5MB
- MD5
  
  7c81f07861646ecd35eb5956e811372b
- SHA1
  
  d05e54c17bcc56ef3f44cd78f41339aac327d650
- SHA256
  
  34053a4fcddc5c3553eb9d988b32bc7bddae2ac63fdfc5b00a8270047706bd24
- SHA512
  
  ead8c71b23a0fc6df46f5ba5ff5dda993b3dd3e0a2daf3a5ac944402ce8356c29bf2dad4f681b251c9cb319d807be27e3dd3ca856ba9e817f64443aa00424bc8
- SSDEEP
  
  49152:DBg1bzmuJV6pyOMheYGLOQxixevx7OBLv0yyRD3VFl8kPJeBg1bzmuJV6pyOMhe1:3
Score

7^/10

evasion execution
- File Permission
  Adversaries may modify file permissions/attributes to evade access control lists (ACLs) and access protected files.
  evasion
behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

Unix Shell

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionexecution

behavioral2

evasionexecution