f9785743539fdfb2199b53be57f86d5dba5c0cd3dfad1130de1532f92e0c7c4f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.dmg
Size

2.7MB
Sample

240515-xh4kesfa25
MD5

2df6c829775e6f20933d0e32ed83bfea
SHA1

709c6d31bd2ae5852c74102e8ec9c271d6cc7374
SHA256

f9785743539fdfb2199b53be57f86d5dba5c0cd3dfad1130de1532f92e0c7c4f
SHA512

2dbaa41a086bce03ac8e87e0d05c3a73a1e856ff806e7f7b02c3e8e0f46c0e97c2247172da14e2ed6bc27b7a8c06ca7d3e449e96ee1ab7ce398ff31617970c9b
SSDEEP

49152:Dtpn+iDlW7KM7PG9neIG2BDI0Rnt81CAZhbwB5W4ERbNW4ERb1Y2mvVWp83GdC+:f+y87vi9nnG2BPnW1Cm6WnZWnhkUe9

Score

7^/10

discovery evasion execution macos

Malware Config

Targets

- Target
  
  Setup.dmg
- Size
  
  2.7MB
- MD5
  
  2df6c829775e6f20933d0e32ed83bfea
- SHA1
  
  709c6d31bd2ae5852c74102e8ec9c271d6cc7374
- SHA256
  
  f9785743539fdfb2199b53be57f86d5dba5c0cd3dfad1130de1532f92e0c7c4f
- SHA512
  
  2dbaa41a086bce03ac8e87e0d05c3a73a1e856ff806e7f7b02c3e8e0f46c0e97c2247172da14e2ed6bc27b7a8c06ca7d3e449e96ee1ab7ce398ff31617970c9b
- SSDEEP
  
  49152:Dtpn+iDlW7KM7PG9neIG2BDI0Rnt81CAZhbwB5W4ERbNW4ERb1Y2mvVWp83GdC+:f+y87vi9nnG2BPnW1Cm6WnZWnhkUe9
Score

7^/10

discovery evasion execution
- Queries the macOS version information.
  An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
  discovery
- System Checks
  Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox.
  evasion
- File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.
  evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Resource Forking

Indicator Removal

File Deletion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexecution