Analysis

  • max time kernel
    144s
  • max time network
    161s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240410-en
  • resource tags
    arch:amd64, arch:i386, image:macos-20240410-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    11-05-2024 04:19

General

  • Target
    NetShred X 6.0.2/Manual install/NetShred X 6.0.2 [TNT].dmg
  • Size
    3.4MB
  • MD5
    b4445a1d2526685b24df671313e9417b
  • SHA1
    c3b7b3a0ba012a428709695772c187407bf40797
  • SHA256
    32d131386d46c189a87ac5425e448cbd9cfb10d1117d0f9084ff7cf3b1d7317b
  • SHA512
    f5caf85550caaaeee5bf17992aba5bfac67254a68fc1827b571e4397d9433ec1d495b8ed6cbea8e27b6c3503414ce1dd301be16ca54999aee8a7a2be7ba90f32
  • SSDEEP
    98304:l+tyfT1Ur9KVJ7B98mAtD60RRAMA2ai2p:YtyQm7B98meDPA24

Signatures

  • Login Items (1 TTPs, 1 IoCs)

    Adversaries may add login items to execute upon user login to gain persistence or escalate privileges. Login items are applications, documents, folders, or server connections that are automatically launched when a user logs in.

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"open /Volumes/NetShred\\ X\\ 6.0.2/NetShred\\ X.app\""
    1⤵
      PID:526
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"open /Volumes/NetShred\\ X\\ 6.0.2/NetShred\\ X.app\""
      1⤵
        PID:526
      • /usr/bin/sudo
        sudo /bin/zsh -c "open /Volumes/NetShred\\ X\\ 6.0.2/NetShred\\ X.app"
        1⤵
          PID:526
          • /bin/zsh
            /bin/zsh -c "open /Volumes/NetShred\\ X\\ 6.0.2/NetShred\\ X.app"
            2⤵
              PID:527
            • /usr/bin/open
              open "/Volumes/NetShred X 6.0.2/NetShred X.app"
              2⤵
                PID:527
            • /usr/libexec/xpcproxy
              xpcproxy com.mireth.netshred.2300
              1⤵
                PID:529
              • /Volumes/NetShred X 6.0.2/NetShred X.app/Contents/MacOS/NetShred X
                "/Volumes/NetShred X 6.0.2/NetShred X.app/Contents/MacOS/NetShred X"
                1⤵
                  PID:529
                • /usr/libexec/xpcproxy
                  xpcproxy com.apple.systemevents.2156
                  1⤵
                    PID:533
                  • /System/Library/CoreServices/System Events.app/Contents/MacOS/System Events
                    "/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events"
                    1⤵
                      PID:533
                    • /usr/libexec/xpcproxy
                      xpcproxy com.apple.FolderActionsDispatcher
                      1⤵
                        PID:534
                      • /System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher
                        /System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher launchd
                        1⤵
                          PID:534
                        • /usr/libexec/xpcproxy
                          xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
                          1⤵
                            PID:548
                          • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                            /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                            1⤵
                              PID:548

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
    Boot or Logon Autostart Execution (T1547): 1
    Login Items (T1547.015): 1
  • Privilege Escalation
    Boot or Logon Autostart Execution (T1547): 1
    Login Items (T1547.015): 1
