Analysis
max time kernel: 129s
max time network: 151s
platform: macos-10.15_amd64
resource: macos-20240410-en
resource tags: arch:amd64, arch:i386, image:macos-20240410-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
submitted: 26-04-2024 16:09
Static task: static1
Behavioral task: behavioral1
  Sample: Wub/Wub.exe
  Resource: macos-20240410-en
Behavioral task: behavioral2
  Sample: Wub/Wub_x64.exe
  Resource: macos-20240410-en
General
Target: Wub/Wub.exe
Size: 791KB
MD5: 82aff8883099cf75462057c4e47e88ac
SHA1: 68e2939f59b3869e9bd3ecc4aca3947649631bf8
SHA256: aac1123f17f8569a36bf93876cea30e15103fd2379b401a79129a2a6e7285ac2
SHA512: 212ac940a1f8bdd805813c279d471efc53b858bc35c5edad182dfde3c29c37854618a507a0a0839e5a383d1ba4fe317c0b3c8275d023c86ecfa36f221560b96d
SSDEEP: 12288:ZaWzgMg7v3qnCiWErQohh0F4YCJ8lnyTQrv2HzAMI3u18:4aHMv6CWrj8nyTQrv2TAMI3ua
Malware Config
Signatures
Resource Forking (1 TTP, 1 IoC)
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
Processes:
IoC (process): /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
Processes (tree level, executable path | command line)
- [1] /bin/sh | sh -c "sudo /bin/zsh -c \"/Users/run/Wub/Wub.exe\""
- [1] /bin/bash | sh -c "sudo /bin/zsh -c \"/Users/run/Wub/Wub.exe\""
- [1] /usr/bin/sudo | sudo /bin/zsh -c /Users/run/Wub/Wub.exe
- [2] /bin/zsh | /bin/zsh -c /Users/run/Wub/Wub.exe
- [2] /Users/run/Wub/Wub.exe | /Users/run/Wub/Wub.exe
- [1] /usr/libexec/dmd | /usr/libexec/dmd
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.sysmond
- [1] /usr/libexec/sysmond | /usr/libexec/sysmond
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.Safari.2028
- [1] /Applications/Safari.app/Contents/MacOS/Safari | /Applications/Safari.app/Contents/MacOS/Safari
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.Safari.History
- [1] /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History | /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.siri.context.service
- [1] /System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService | /System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.WebKit.WebContent.2255F5E4-B924-457C-9859-0A7607ED4C0D 588
- [1] /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent | /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.geod
- [1] /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod | /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.geod
- [1] /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod | /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.secinitd
- [1] /usr/libexec/secinitd | /usr/libexec/secinitd
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.SafariLaunchAgent
- [1] /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent | /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.suggestd
- [1] /System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd | /System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.CoreAuthentication.agent
- [1] /System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd | /System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.akd
- [1] /System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd | /System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.WebKit.WebContent.EA623BE2-F8E8-4160-B8FE-F1677E3ABB6C 588
- [1] /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent | /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.knowledge-agent
- [1] /usr/libexec/knowledge-agent | /usr/libexec/knowledge-agent
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.AddressBook.ContactsAccountsService
- [1] /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService | /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
- [1] /usr/libexec/neagent | /usr/libexec/neagent
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.security.cloudkeychainproxy3
- [1] /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.Safari.SearchHelper 588
- [1] /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper | /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.Safari.SafeBrowsing.Service
- [1] /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service | /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.pbs
- [1] /System/Library/CoreServices/pbs | /System/Library/CoreServices/pbs
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.WebKit.WebContent.F01DBEFD-88BE-465A-81E6-37B9D2C0255F 588
- [1] /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent | /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.routined
- [1] /usr/libexec/routined | /usr/libexec/routined LAUNCHED_BY_LAUNCHD
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.Maps.mapspushd
- [1] /System/Library/CoreServices/mapspushd | /System/Library/CoreServices/mapspushd
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.WebKit.WebContent.C702004F-4AA2-429B-B7ED-95D1722A9003 588
- [1] /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent | /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.audio.systemsoundserverd
- [1] /usr/sbin/systemsoundserverd | /usr/sbin/systemsoundserverd
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.audio.AudioComponentRegistrar
- [1] /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar | /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.WebKit.WebContent.BF29E0A7-6680-4D7F-AD02-2695CD1751EC 588
- [1] /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent | /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.WebKit.WebContent.E0DAA08A-63E8-4836-A7E2-73A54808AF26 588
- [1] /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent | /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- [1] /usr/libexec/xpcproxy | xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
- [1] /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService | /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- /Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
  Filesize: 124KB
  MD5: a1ccc5cc05dd30246798737145e78111
  SHA1: da550b05c7adac9576be8516c2ebbc4a29b79e30
  SHA256: c8668966f48f17f81dc6959b1ee2f10b7e1f4efababdd37d9b2e51f00fa33bea
  SHA512: 21eb44da283c6862a5fe0720bbeb7c5738e95d339c5266af70ff7c681b973f525bd44ad785e9556cb54c1df4a81f1eeb715f47ca97f89ad6deaea597bbef2d64
- /Users/run/Library/Caches/GeoServices/Resources/LocalizationStyleAttributes-8.plist
  Filesize: 6KB
  MD5: d7aa7d53d68fd2f1ac03fc79dac41482
  SHA1: dd0e8f57cfe73e0dd6738e9369d3e9ed1f64d8fa
  SHA256: fa9f615b095101a65a744e353217f5ca7be7ed1bf908475f49efee6867cdfb53
  SHA512: bd7e9d315546601c498182cdddf440cc64b1cee4dad6a2b389188e53f932ec8a068cf3fbdb822329ad12b4f30c8aa4fb294dc75243bdb9bc1a4979348c515525
- /Users/run/Library/Caches/GeoServices/Resources/default-search-4270.styl
  Filesize: 3KB
  MD5: 60f5974b5c0d46fe9c243c8b831ddee8
  SHA1: b0cdfd37faa5c5d4d04badb52cd791667f39713c
  SHA256: 9ab20ddd5ef6a40115c362a4fab4bb163978acb28309b9a0a4a1c4b490ccc939
  SHA512: 8032fc668f281119321d69e6f2ae79eef2ab6da8a47ce1816542489ead2fb55bbca555dbe94bd78eda92eecc5d86e8aa334633bb797c7512c74c922c6fb4950d
- /Users/run/Library/Caches/GeoServices/Resources/supportedCountriesDirections-25.plist
  Filesize: 3KB
  MD5: 4d849f17f3bdc8361d9d9d2576bcffc7
  SHA1: deb80bbfd72c7a7bcc7a6539a6dff7a070f19d2d
  SHA256: 46570f20e01d75c7431c85a3b1927963ae49dcf3f8f6c42dc102d8fe08095b57
  SHA512: dcac8a979746ad1fad4f94c96b6702d05908d755d154ae4ad473330144f454919b2bb72f279348e15a955dc0671c5212e25f364c9b2bab331e1dc3d12f642584
- /Users/run/Library/Caches/GeoServices/SearchAttribution.pbd
  Filesize: 63KB
  MD5: b9b7361b2633f250d9bd9b8b16ed62ea
  SHA1: 82481bad0b5bd72df6b3dae45efa6c1e75b6777e
  SHA256: 838089b62287088bbfd20b70c4aed64b721da3c27a44e1090601f190b6af84f2
  SHA512: 3bb0e4e515cee5da21875585c905551503a121ebfb00ebd2aff1c1f74b2a4a32797c64feb648859b985a4d1b4656204f02620e0187047ad509c70a4d1e27eda5
- /Users/run/Library/Safari/Favicon Cache/favicons/368D7C0B78B9537DA94D7A03318AF418
  Filesize: 5KB
  MD5: dbd2f9fc1096e1941d8d7b8764f45add
  SHA1: dea28ddb4e8c79a8214fee87d7d2042ddee41e66
  SHA256: 3d91ac80e262eb1f66fcd21499d83bbb385b2f68085949c7be5f96b5248d51f2
  SHA512: c7ff658a79ac179180790e02bf585db99b0106341f9a575ff6f38721408beacab80c27183f60ace8e2ad2a9c6c3b9ad7a5e1439b143c63b4ce7d201727695802
- /Users/run/Library/Safari/Favicon Cache/favicons/E839CC5D1495081409B4CB0BA52D828C
  Filesize: 5KB
  MD5: f00bfcd8a3fbee0103bfdbde08af861f
  SHA1: deaf315f88b0b7224ff7c465bb56b711c2b32c9a
  SHA256: cc595de2d8cfa2498260460c94e6762f6f08aea133fd018801fd6ed751fdbf53
  SHA512: 7a73159af3db249e2ec5faa985fdfffe5beb819492f9ab5deaf65d3375155931198f6effddcb847f489aa796a686bf8f1e622da0eb7c69803341423763c585ed
- /Users/run/Library/Safari/Favicon Cache/favicons/EBE6DCEE7FA21C2ADFAF961F6B05000E
  Filesize: 5KB
  MD5: 76b8c28bb51d49c49b0e21501182b237
  SHA1: 379662d22cbae8b2e0cf618d1eab3daf9e745761
  SHA256: 9e5020833dc48bba479a345dd92452bfc588b7ee7d530f639e3b6340875e568d
  SHA512: 45ef4249ef9d2976fbb782a203bc079e1a23aacc82c9d463701634b61c6541eabe930df6cef5f4c2b34762f368a892a2085d136c2c6f95388caa347b75aa6a3a
- /var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1269.xml
  Filesize: 167KB
  MD5: a645869f7bf432953f0292ca5fd17ad8
  SHA1: 9063c8541f8d4d81d301df8b359a30071d42b119
  SHA256: 04daf260c11cd34cd84f42fb5a47f1d5717d0b2f62b236826d7c3a6f0a1c9db9
  SHA512: 6449c45cd990750cf88cbf75b3320e6d972ba1b10dd8bb23835e1d298efb0b5d50399ad2c4be9d3d068619d645e544afc3245c66630da1878c8688811e76fca4
- /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression
  Filesize: 220KB
  MD5: 54ad6f6dc76b991c0c3d368043b51b9b
  SHA1: 6763ef8618f54639bc3e43d3ed44ce53c9c71630
  SHA256: b23602f801fa905c3f9e38e47a0ffa90e4c7c358e92e1fb500b37fb8825e27a7
  SHA512: d32595154a50498ac9ac8313d7cdde397d9724257a271223c975c318fd0cdca329e56445a53092a6c4a7d25eb48a8279de0988eab0a709e99a42451b422c482d
- /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression
  Filesize: 22.5MB
  MD5: 30e0ba67b381ecdf08d46dfd8720452b
  SHA1: 3644816f6033c7a7d500d452b4ef33cd6e981905
  SHA256: 5ecca18b721d50a533f75ecb70a14e4ba640b942e8f6b54b7406de016013ee44
  SHA512: 5388f89044f405c89aa2f91ec28e50a811baf6a7f9442d0b39aeebc4e02d221e6f8f90f548f2e63fafc340ae9d352421ecc598108a0e497ed8ea00783a9aae6c
- /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression
  Filesize: 121KB
  MD5: 94d7263d3cf115f75af945dc0d03b5cc
  SHA1: f486c152b5abf13d59dffc9cea8f3b5e1ea0b635
  SHA256: e2b1c095f538b25a90a56ec70c880378be7f717dd901f89e1dd4c9dc8ccae320
  SHA512: b43e86c905eb4ec0c0243ad9c42d3c11d4e9a3c69aca8e7accf4cf768a87b22943f69b17825ca8c38023500b90ba1730566cb53a0cd357ffdbc3c1e829b95f5f
- /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db
  Filesize: 47KB
  MD5: 0e4a0d1ceb2af6f0f8d0167ce77be2d3
  SHA1: 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
  SHA256: cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
  SHA512: 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20
- /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db
  Filesize: 4KB
  MD5: d3a1859e6ec593505cc882e6def48fc8
  SHA1: f8e6728e3e9de477a75706faa95cead9ce13cb32
  SHA256: 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
  SHA512: ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818