Resubmissions
05/05/2024, 11:48
240505-nyvg1scd37 4Analysis
-
max time kernel
90s -
max time network
91s -
platform
macos-10.15_amd64 -
resource
macos-20240410-en -
resource tags
-
submitted
05/05/2024, 11:48
Errors
General
-
Target
boyf cat.jpg
-
Size
87KB
-
MD5
a355316bb95f88800e1f8b66c8b552ab
-
SHA1
341c3bd933ae7251329b750aace9d1d14aa7e895
-
SHA256
6e9c0007da07fd73d484124ff0801a93eaeb89ee5ade70f28e86f6d71263997a
-
SHA512
590693f3a4a8809e1260546b383068e8cc634432da936c5d52a836daf06043eb75dc4c8a7a6306947ac539400c873ff7ba9e54e39d3db3e839e0fd0d09532d01
-
SSDEEP
1536:sicLrvnSudH2PHfiSIUzGJ38Cb+fC1IEpscygtU/t4L4FxZHlpgkpyX5a0ZZG:Zcq6H2Sso38RfKdpvy1UkWayZG
Malware Config
Signatures
-
Resource Forking 1 TTPs 1 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/boyf cat.jpg\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/boyf cat.jpg\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c "/Users/run/boyf cat.jpg"1⤵
-
/bin/zsh/bin/zsh -c "/Users/run/boyf cat.jpg"2⤵
-
-
/Users/run/boyf/Users/run/boyf cat.jpg2⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.oracle.java.Java-Updater1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.gkreport1⤵
-
/usr/libexec/gkreport/usr/libexec/gkreport1⤵
-
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.systemstats.daily1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.PackageKit.InstallStatus1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.warmd_agent1⤵
-
/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"1⤵
-
/usr/libexec/warmd_agent/usr/libexec/warmd_agent1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.rtcreportingd1⤵
-
/usr/libexec/rtcreportingd/usr/libexec/rtcreportingd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.sessionlogoutd1⤵
-
/System/Library/CoreServices/sessionlogoutd/System/Library/CoreServices/sessionlogoutd1⤵
-
/sbin/shutdown/sbin/shutdown -r now1⤵
-
/bin/shsh -c "/usr/bin/wall -n"1⤵
-
/bin/bashsh -c "/usr/bin/wall -n"1⤵
-
/usr/bin/wall/usr/bin/wall -n1⤵
-
/System/Library/Extensions/IOGraphicsFamily.kext/iogdiagnoseiogdiagnose -b /var/log/displaypolicy/iogdiagnose-last.bin1⤵
-
/usr/sbin/spindumpspindump -shutdownstall 2 -timelimit 51⤵
-
/bin/shsh -c /usr/sbin/kextstat1⤵
-
/bin/bashsh -c /usr/sbin/kextstat1⤵
-
/usr/sbin/kextstat/usr/sbin/kextstat1⤵
-
/bin/bashbash /private/var/install/shutdown_installer_tasks1⤵
-
/bin/bashbash /private/var/install/deferred_install1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
140KB
MD5b853bf546d48f0d1c65b1ae92d79e1d1
SHA1c47b637c178be927c204c6251134cc35f1e901a6
SHA2565496e107f6a8a24dae71499805b927fea46f826074cd4d7b410964decc159f47
SHA512cc98c699285369f0b8d465c89c71d2dec9a955e2f59183b45d53a1f3873026e0343f99eca06e97bfca8d71d5f9ede2e70569897d5ac1c5e94984116530bd513a