e445882bd238941ae744f5b78616d3d2d59103215a834f2a364c2addf266e499

Analysis

max time kernel
1799s
max time network
1510s
platform
macos-10.15_amd64
resource
macos-20240410-en
resource tags

arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
25-04-2024 11:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

myapp.apk
Size

47.2MB
MD5

9bf6ae988263b38ae6e59c8f1e99d30f
SHA1

0c5220598ee4f9d1a5fed3bd948d79ecfeb01849
SHA256

e445882bd238941ae744f5b78616d3d2d59103215a834f2a364c2addf266e499
SHA512

88d1e773f4efc44f39e6744c1a90b99b61934e4f8bacec8b490d8f9a063062dde047ea1818839aee002585782182be14a15c47608f56ec3a97b961da9e018b26
SSDEEP

786432:wP/4EkDI9kOhRk1Vpq8lzQqpNHtssueQe8muam9BH5eVazh2MVJmdb:989kOhe1V88lsqp3XjQe8mu/Lz14b

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 2 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

Processes:

ioc	process
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck

/usr/libexec/xpcproxy
xpcproxy com.apple.var-db-dslocal-backup
1⤵
PID:479

/usr/libexec/pkreporter
/usr/libexec/pkreporter
1⤵
PID:478

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/myapp.apk\""
1⤵
PID:480

/usr/bin/xar
/usr/bin/xar -c -f dslocal-backup.xar dslocal
1⤵
PID:479

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/myapp.apk\""
1⤵
PID:480

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/myapp.apk
1⤵
PID:480

/bin/zsh
/bin/zsh -c /Users/run/myapp.apk
2⤵
PID:485

/Users/run/myapp.apk
/Users/run/myapp.apk
2⤵
PID:485

/usr/libexec/xpcproxy
xpcproxy com.apple.gkreport
1⤵
PID:481

/usr/libexec/gkreport
/usr/libexec/gkreport
1⤵
PID:481

/usr/libexec/xpcproxy
xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer
1⤵
PID:482

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
1⤵
PID:482

/usr/libexec/xpcproxy
xpcproxy com.apple.systemstats.daily
1⤵
PID:483

/usr/libexec/xpcproxy
xpcproxy com.oracle.java.Java-Updater
1⤵
PID:484

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
1⤵
PID:484

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:531

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:531

/usr/libexec/xpcproxy
xpcproxy com.apple.diagnosticd
1⤵
PID:532

/usr/libexec/diagnosticd
/usr/libexec/diagnosticd
1⤵
PID:532

/usr/libexec/xpcproxy
xpcproxy com.apple.appleseed.seedusaged
1⤵
PID:534

/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"
1⤵
PID:534

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads