Analysis
max time kernel: 144s
max time network: 161s
platform: macos-10.15_amd64
resource: macos-20240410-en
resource tags: arch:amd64, arch:i386, image:macos-20240410-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
submitted: 11-05-2024 04:19
Static task: static1
Behavioral tasks (task: sample, resource)
behavioral1: NetShred_X_6_0_2_TNT.dmg (macos-20240410-en)
behavioral2: NetShred X 6.0.2/Manual install/NetShred X 6.0.2 [TNT].dmg (macos-20240410-en)
behavioral3: NetShred X 6.0.2/Extra/rhash (macos-20240410-en)
behavioral4: NetShred X 6.0.2/NetShred X.app/Contents/Library/LoginItems/LaunchAtLoginHelperApp.app/Contents/MacOS/LaunchAtLoginHelperApp (macos-20240410-en)
behavioral5: NetShred X 6.0.2/NetShred X.app/Contents/Library/LoginItems/LaunchAtLoginHelperApp.app/Contents/Resources/en.lproj/Credits.rtf (win7-20240221-en)
behavioral6: NetShred X 6.0.2/NetShred X.app/Contents/Library/LoginItems/LaunchAtLoginHelperApp.app/Contents/Resources/en.lproj/Credits.rtf (win10v2004-20240426-en)
behavioral7: NetShred X 6.0.2/NetShred X.app/Contents/MacOS/NetShred X (macos-20240410-en)
behavioral8: NetShred X 6.0.2/NetShred X.app/Contents/Resources/en.lproj/Credits.rtf (win7-20240508-en)
behavioral9: NetShred X 6.0.2/NetShred X.app/Contents/Resources/en.lproj/Credits.rtf (win10v2004-20240508-en)
behavioral10: NetShred X 6.0.2/NetShred X.app/Contents/Resources/libConfigurer64.dylib (macos-20240410-en)
behavioral11: NetShred X 6.0.2/NetShred X.app/Contents/Resources/sqlite3 (macos-20240410-en)
behavioral12: NetShred X 6.0.2/Open Gatekeeper friendly (ubuntu1804-amd64-20240508-en)
behavioral13: NetShred X 6.0.2/Open Gatekeeper friendly (debian9-armhf-20240418-en)
behavioral14: NetShred X 6.0.2/Open Gatekeeper friendly (debian9-mipsbe-20240226-en)
behavioral15: NetShred X 6.0.2/Open Gatekeeper friendly (debian9-mipsel-20240226-en)
General
Target: NetShred X 6.0.2/Manual install/NetShred X 6.0.2 [TNT].dmg
Size: 3.4MB
MD5: b4445a1d2526685b24df671313e9417b
SHA1: c3b7b3a0ba012a428709695772c187407bf40797
SHA256: 32d131386d46c189a87ac5425e448cbd9cfb10d1117d0f9084ff7cf3b1d7317b
SHA512: f5caf85550caaaeee5bf17992aba5bfac67254a68fc1827b571e4397d9433ec1d495b8ed6cbea8e27b6c3503414ce1dd301be16ca54999aee8a7a2be7ba90f32
SSDEEP: 98304:l+tyfT1Ur9KVJ7B98mAtD60RRAMA2ai2p:YtyQm7B98meDPA24
Malware Config
Signatures
Login Items (1 TTPs, 1 IoCs)
Adversaries may add login items to execute upon user login to gain persistence or escalate privileges. Login items are applications, documents, folders, or server connections that are automatically launched when a user logs in.
Processes:
ioc process "/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events"
Processes (image path, then command line)
/bin/sh
  sh -c "sudo /bin/zsh -c \"open /Volumes/NetShred\\ X\\ 6.0.2/NetShred\\ X.app\""
/bin/bash
  sh -c "sudo /bin/zsh -c \"open /Volumes/NetShred\\ X\\ 6.0.2/NetShred\\ X.app\""
/usr/bin/sudo
  sudo /bin/zsh -c "open /Volumes/NetShred\\ X\\ 6.0.2/NetShred\\ X.app"
/bin/zsh
  /bin/zsh -c "open /Volumes/NetShred\\ X\\ 6.0.2/NetShred\\ X.app"
/usr/bin/open
  open "/Volumes/NetShred X 6.0.2/NetShred X.app"
/usr/libexec/xpcproxy
  xpcproxy com.mireth.netshred.2300
/Volumes/NetShred X 6.0.2/NetShred X.app/Contents/MacOS/NetShred X
  "/Volumes/NetShred X 6.0.2/NetShred X.app/Contents/MacOS/NetShred X"
/usr/libexec/xpcproxy
  xpcproxy com.apple.systemevents.2156
/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events
  "/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events"
/usr/libexec/xpcproxy
  xpcproxy com.apple.FolderActionsDispatcher
/System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher
  /System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher launchd
/usr/libexec/xpcproxy
  xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
  /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService