Analysis
-
max time kernel
1799s -
max time network
1510s -
platform
macos-10.15_amd64 -
resource
macos-20240410-en -
resource tags
arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system -
submitted
25-04-2024 11:28
Static task
static1
Behavioral task
behavioral1
Sample
myapp.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral2
Sample
myapp.apk
Resource
android-x64-arm64-20240221-en
Behavioral task
behavioral3
Sample
myapp.apk
Resource
android-33-x64-arm64-20240229-en
Behavioral task
behavioral4
Sample
myapp.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral5
Sample
myapp.apk
Resource
macos-20240410-en
General
-
Target
myapp.apk
-
Size
47.2MB
-
MD5
9bf6ae988263b38ae6e59c8f1e99d30f
-
SHA1
0c5220598ee4f9d1a5fed3bd948d79ecfeb01849
-
SHA256
e445882bd238941ae744f5b78616d3d2d59103215a834f2a364c2addf266e499
-
SHA512
88d1e773f4efc44f39e6744c1a90b99b61934e4f8bacec8b490d8f9a063062dde047ea1818839aee002585782182be14a15c47608f56ec3a97b961da9e018b26
-
SSDEEP
786432:wP/4EkDI9kOhRk1Vpq8lzQqpNHtssueQe8muam9BH5eVazh2MVJmdb:989kOhe1V88lsqp3XjQe8mu/Lz14b
Malware Config
Signatures
-
Resource Forking 1 TTPs 2 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
Processes:
ioc process /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
Processes
-
/usr/libexec/xpcproxyxpcproxy com.apple.var-db-dslocal-backup1⤵PID:479
-
/usr/libexec/pkreporter/usr/libexec/pkreporter1⤵PID:478
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/myapp.apk\""1⤵PID:480
-
/usr/bin/xar/usr/bin/xar -c -f dslocal-backup.xar dslocal1⤵PID:479
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/myapp.apk\""1⤵PID:480
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/myapp.apk1⤵PID:480
-
/bin/zsh/bin/zsh -c /Users/run/myapp.apk2⤵PID:485
-
/Users/run/myapp.apk/Users/run/myapp.apk2⤵PID:485
-
/usr/libexec/xpcproxyxpcproxy com.apple.gkreport1⤵PID:481
-
/usr/libexec/gkreport/usr/libexec/gkreport1⤵PID:481
-
/usr/libexec/xpcproxyxpcproxy com.apple.loginwindow.LWWeeklyMessageTracer1⤵PID:482
-
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer1⤵PID:482
-
/usr/libexec/xpcproxyxpcproxy com.apple.systemstats.daily1⤵PID:483
-
/usr/libexec/xpcproxyxpcproxy com.oracle.java.Java-Updater1⤵PID:484
-
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck1⤵PID:484
-
/usr/libexec/xpcproxyxpcproxy com.apple.spindump1⤵PID:531
-
/usr/sbin/spindump/usr/sbin/spindump1⤵PID:531
-
/usr/libexec/xpcproxyxpcproxy com.apple.diagnosticd1⤵PID:532
-
/usr/libexec/diagnosticd/usr/libexec/diagnosticd1⤵PID:532
-
/usr/libexec/xpcproxyxpcproxy com.apple.appleseed.seedusaged1⤵PID:534
-
/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"1⤵PID:534