Overview

Score | Task               | Platform
10    | Static             | -
3     | 000.exe            | windows10-2004-x64
-     | 000.exe            | macos-10.15-amd64
4     | Ana.exe            | windows10-2004-x64
-     | Ana.exe            | macos-10.15-amd64
4     | Bad Rabit.exe      | windows10-2004-x64
10    | Bad Rabit.exe      | macos-10.15-amd64
1     | Desktop Puzzle.exe | windows10-2004-x64
1     | Desktop Puzzle.exe | macos-10.15-amd64
1     | Memz.exe           | windows10-2004-x64
7     | Memz.exe           | macos-10.15-amd64
1     | NoEscape.exe       | windows10-2004-x64
-     | NoEscape.exe       | macos-10.15-amd64
1     | WannaCrypt0r.exe   | windows10-2004-x64
10    | WannaCrypt0r.exe   | macos-10.15-amd64
Resubmissions

Submitted        | Task ID           | Score
08-06-2024 08:50 | 240608-krvyesae91 | 10
08-05-2024 16:15 | 240508-tqnx6ach3w | 10
08-05-2024 16:07 | 240508-tkr3mafa54 | 10
01-05-2024 18:02 | 240501-wmf49acg3s | 6
27-04-2024 08:46 | 240427-kpfeysff8s | 10
25-04-2024 21:25 | 240425-z9y55afb7v | 10
25-04-2024 21:16 | 240425-z4pphafa97 | 10
25-04-2024 18:27 | 240425-w3929sde33 | 10
25-04-2024 18:17 | 240425-ww4a5sdc8x | 10

Analysis
Max time kernel: 167s
Max time network: 175s
Platform: macos-10.15_amd64
Resource: macos-20240410-en
Resource tags: arch:amd64, arch:i386, image:macos-20240410-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
Submitted: 25-04-2024 17:55
Static task: static1

Behavioral task | Sample             | Resource
behavioral1     | 000.exe            | win10v2004-20240226-en
behavioral2     | 000.exe            | macos-20240410-en
behavioral3     | Ana.exe            | win10v2004-20240412-en
behavioral4     | Ana.exe            | macos-20240410-en
behavioral5     | Bad Rabit.exe      | win10v2004-20240226-en
behavioral6     | Bad Rabit.exe      | macos-20240410-en
behavioral7     | Desktop Puzzle.exe | win10v2004-20240412-en
behavioral8     | Desktop Puzzle.exe | macos-20240410-en
behavioral9     | Memz.exe           | win10v2004-20240412-en
behavioral10    | Memz.exe           | macos-20240410-en
behavioral11    | NoEscape.exe       | win10v2004-20240226-en
behavioral12    | NoEscape.exe       | macos-20240410-en
behavioral13    | WannaCrypt0r.exe   | win10v2004-20240412-en
behavioral14    | WannaCrypt0r.exe   | macos-20240410-en
General

Target: Memz.exe
Size: 14KB
MD5: 19dbec50735b5f2a72d4199c4e184960
SHA1: 6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256: a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512: aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP: 192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Malware Config
Signatures
Processes
Image (PID): command line; indented entries are child processes of the entry above them.

- /bin/sh (PID 490): sh -c "sudo /bin/zsh -c \"/Users/run/Memz.exe\""
- /bin/bash (PID 490): sh -c "sudo /bin/zsh -c \"/Users/run/Memz.exe\""
- /usr/bin/sudo (PID 490): sudo /bin/zsh -c /Users/run/Memz.exe
  - /bin/zsh (PID 491): /bin/zsh -c /Users/run/Memz.exe
  - /Users/run/Memz.exe (PID 491): /Users/run/Memz.exe
- /usr/libexec/xpcproxy (PID 493): xpcproxy com.apple.sysmond
- /usr/libexec/sysmond (PID 493): /usr/libexec/sysmond
- /usr/bin/pluginkit (PID 517): /usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync
- /usr/sbin/spctl (PID 518): /usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterB516C108/OneDrive.app
- /usr/libexec/xpcproxy (PID 533): xpcproxy com.apple.Safari.2028
- /Applications/Safari.app/Contents/MacOS/Safari (PID 533): /Applications/Safari.app/Contents/MacOS/Safari
- /usr/libexec/xpcproxy (PID 534): xpcproxy com.apple.Safari.History
- /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History (PID 534): /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
- /usr/libexec/xpcproxy (PID 535): xpcproxy com.apple.WebKit.WebContent.72BB4C08-3F17-4814-8D58-2FCF674AD46C 533
- /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent (PID 535): /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- /usr/libexec/xpcproxy (PID 541): xpcproxy com.apple.SafariLaunchAgent
- /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent (PID 541): /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
- /usr/libexec/xpcproxy (PID 542): xpcproxy com.apple.spindump
- /usr/sbin/spindump (PID 542): /usr/sbin/spindump
- /usr/libexec/xpcproxy (PID 543): xpcproxy com.apple.spindump_agent
- /usr/libexec/spindump_agent (PID 543): /usr/libexec/spindump_agent
- /usr/libexec/xpcproxy (PID 544): xpcproxy com.apple.WebKit.WebContent.C82115B6-81E8-4908-B885-4BBFF507E16F 533
- /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent (PID 544): /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- /usr/libexec/xpcproxy (PID 545): xpcproxy com.apple.Safari.SearchHelper 533
- /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper (PID 545): /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
- /usr/libexec/xpcproxy (PID 546): xpcproxy com.apple.Safari.SafeBrowsing.Service
- /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service (PID 546): /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
- /usr/libexec/xpcproxy (PID 547): xpcproxy com.apple.pbs
- /System/Library/CoreServices/pbs (PID 547): /System/Library/CoreServices/pbs
- /usr/libexec/xpcproxy (PID 549): xpcproxy com.apple.WebKit.WebContent.FC0BDB02-D710-4C87-80B9-C7B55FBE67E9 533
- /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent (PID 549): /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- /usr/libexec/xpcproxy (PID 552): xpcproxy com.apple.audio.AudioComponentRegistrar
- /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar (PID 552): /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
- /usr/libexec/xpcproxy (PID 553): xpcproxy com.apple.audio.SandboxHelper 549
- /System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper (PID 553): /System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
- /usr/libexec/xpcproxy (PID 554): xpcproxy com.apple.accessibility.mediaaccessibilityd
- /System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd (PID 554): /System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
- /usr/libexec/xpcproxy (PID 555): xpcproxy com.apple.WebKit.WebContent.BC89DD3E-1320-4F3B-8E69-68320F2C6237 533
- /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent (PID 555): /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- /usr/libexec/xpcproxy (PID 556): xpcproxy com.apple.WebKit.WebContent.0FA7E245-AB33-4275-B531-0164535DE52E 533
- /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent (PID 556): /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- /usr/libexec/xpcproxy (PID 558): xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
- /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService (PID 558): /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
- /usr/libexec/xpcproxy (PID 559): xpcproxy com.apple.tailspind
- /usr/libexec/tailspind (PID 559): /usr/libexec/tailspind
- /usr/libexec/xpcproxy (PID 560): xpcproxy com.apple.coremedia.videodecoder 549
- /System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService (PID 560): /System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
Network
MITRE ATT&CK Matrix
Downloads