Overview

overview

4

Static

static

1

3eb92d7b11...kes118

macos-10.15-amd64

1

SafeFinder...taller

macos-10.15-amd64

1

SafeFinder...taller

macos-10.15-amd64

4

Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240410-en
  • resource tags

    arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    13-05-2024 09:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SafeFinder/SafeFinder.app/Contents/MacOS/SafeFinder_WebInstaller

  • Size

    72KB

  • MD5

    9a6621d4462c141952574f910bb96c63

  • SHA1

    6573366e084b5f9d2638babd396cb80cff1d7389

  • SHA256

    dd35ff23e6c5b4549bb0a57b73c23ef71d6a73445e183747057af1594690fee3

  • SHA512

    47a33eb51d4064dfdfe5e3ae1e2728127a038499a32d7b936499176ec333200f3be7657915cf2ec77b53b9eb148ada27071304fbd65152ecf07e9c4d5c4db5b1

  • SSDEEP

    768:S7oceKjaAf6DCchjNLIlIGInIwR0d0FMXtzeDhLYe8qc:OW06D98SMd08eVc

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/SafeFinder/SafeFinder.app/Contents/MacOS/SafeFinder_WebInstaller\""
    1⤵
      PID:487
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/SafeFinder/SafeFinder.app/Contents/MacOS/SafeFinder_WebInstaller\""
      1⤵
        PID:487
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/SafeFinder/SafeFinder.app/Contents/MacOS/SafeFinder_WebInstaller
        1⤵
          PID:487
          • /bin/zsh
            /bin/zsh -c /Users/run/SafeFinder/SafeFinder.app/Contents/MacOS/SafeFinder_WebInstaller
            2⤵
              PID:488
            • /Users/run/SafeFinder/SafeFinder.app/Contents/MacOS/SafeFinder_WebInstaller
              /Users/run/SafeFinder/SafeFinder.app/Contents/MacOS/SafeFinder_WebInstaller
              2⤵
                PID:488
            • /usr/bin/pluginkit
              /usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync
              1⤵
                PID:489
              • /usr/sbin/spctl
                /usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater0BF23177/OneDrive.app
                1⤵
                  PID:490
                • /usr/sbin/spctl
                  /usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
                  1⤵
                    PID:531
                  • /bin/launchctl
                    /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
                    1⤵
                      PID:547
                    • /bin/launchctl
                      /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
                      1⤵
                        PID:548

                      Network

                      MITRE ATT&CK Matrix

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads