General

  • Target

    virus.zip

  • Size

    307KB

  • Sample

    240518-bmxf1sda96

  • MD5

    ed572445291f5a731338428d0841a1c6

  • SHA1

    9a88fa5422ef39e18ed5218e1b458dfa257251c5

  • SHA256

    38ac33f0f69975fa05bdf1708a496b8a044527cc0b455476a60ce4011ce20d22

  • SHA512

    b6bb025366acbc62dc773380abbd1ab250eecb0b6d33a834dd8fcb899712c3a430a28478a8b24cd1e1ebfe8a257e6e58f134c841a60badb544285676f3f41065

  • SSDEEP

    6144:DAKlf4GSSfAPleiEpzRB1QdSCs8InlPlLN6iRrzYmjxIbhD2hfh/TWMu:DRlfKSfAPnEpzhQUCsDd1pLtIbhRT

Malware Config

Targets

    • Target

      virus/virus.app/Contents/MacOS/applet

    • Size

      24KB

    • MD5

      bb97e2ae9bc6bf8e171d26e40f59361f

    • SHA1

      9bcd87d5bca1e18efbd118d93d76002aa12baa12

    • SHA256

      1f93d65a2692da30ba3997fdfbfbbe5880c2ea76d6cab9102faa8a6431350e02

    • SHA512

      606111b939b1fbe3008f90af616470e9c9d320a70021348540c03d32355892c5989df28d08158930bda313d3f0d9549aaaaa7ea6c1788ce4e283340abb954163

    • SSDEEP

      48:WjSY8HF/bTN/H2syYYpHVk0xzI6DV/LRsr13XfjHcbH33H2s+SAZgKnu2:WWVflWfpHu0xzI6DZLiKzWGA93

    • Login Items (T1547.015)

      Adversaries may add login items to execute upon user login to gain persistence or escalate privileges. Login items are applications, documents, folders, or server connections that are automatically launched when a user logs in.

    • Target

      virus/virus.app/Contents/Resources/Scripts/main.scpt

    • Size

      11KB

    • MD5

      4585b7aa44190a67d5f14576169b8bca

    • SHA1

      b50ea44446ca58ba37f00aa4f320dae2196e6ab5

    • SHA256

      50376fde83ddba8ba38206f45282a7783abf2282b2693750f6459a5d1225ff51

    • SHA512

      1b31e0761adb678ef8b0e3fd4764cf66238789a66e4c15f521d31fc5baf3fae135839d25b377820399a7861ee7ee1753b4e3af416c2028560424e54181b46696

    • SSDEEP

      192:e2tPF3abxBJ3OnVLejDf0OHLM+AYMJrCr:/9ITZgRmHLzAYMsr

    Score
    4/10
    • Target

      virus/virus.app/Contents/Resources/description.rtfd/TXT.rtf

    • Size

      102B

    • MD5

      cb51e6fa885502ba84f7d85355106e28

    • SHA1

      def335a818a1ade9e99cfe7144e83bed2723212d

    • SHA256

      ca58c48c0f35c7768863f31357f68393f7709e9810818b3a06b3004274f03a56

    • SHA512

      33dbeb9c18e2a54c7c41282d73284b0a8c6d3ed0bb5cc556ce5d02ef0c670c86b74b46589750b866d2f148ff3b7dea655e1f3403f50847d527de4d24a5cbb905

    Score
    4/10
    • Target

      virus/virus_test.py

    • Size

      1KB

    • MD5

      e118064a4678486c8b618f3f2f38e66e

    • SHA1

      f0309c9677585726ec17eb21dcfaae5ad389ecbb

    • SHA256

      671977a1e6736e601dda53a37a686f46c0bf547b94b746ce485789916195b55b

    • SHA512

      8ef4c624d8b2a33ad7287740a58a239178d23447f1a3365b23b60eac7854949e1005c10924c0d0de20fecbc60aa8a9cb1d3e8f6bb825969c60803a26d4bdac1d

    Score
    1/10
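
Added example (not part of the sandbox report and not the sample's own code): a triage script that re-hashes an extracted copy of virus.zip against the SHA-256 values listed above, classifies main.scpt as compiled AppleScript or compiled JavaScript for Automation (JXA) from its file magic (the distinction behind the matrix's T1059.007 entry), and scans decompiled script source for the login-item and shell-execution idioms that correspond to the T1547.015 and T1059 entries. The magic strings, the indicator regexes and the constructed SAMPLE_SOURCE are this example's own assumptions, not the sandbox's signatures; osadecompile(1) exists only on macOS.

```python
"""Triage helper for the AppleScript applet bundle listed in the report.

Added example, not the sample's code. Verifies the report's file hashes,
classifies main.scpt by magic, and scans decompiled source for the
login-item / shell-execution idioms behind T1547.015 and T1059.
"""
import hashlib
import re
import subprocess
import sys
from pathlib import Path

# SHA-256 values copied from the report's per-file table.
REPORT_SHA256 = {
    "virus/virus.app/Contents/MacOS/applet":
        "1f93d65a2692da30ba3997fdfbfbbe5880c2ea76d6cab9102faa8a6431350e02",
    "virus/virus.app/Contents/Resources/Scripts/main.scpt":
        "50376fde83ddba8ba38206f45282a7783abf2282b2693750f6459a5d1225ff51",
    "virus/virus.app/Contents/Resources/description.rtfd/TXT.rtf":
        "ca58c48c0f35c7768863f31357f68393f7709e9810818b3a06b3004274f03a56",
    "virus/virus_test.py":
        "671977a1e6736e601dda53a37a686f46c0bf547b94b746ce485789916195b55b",
}

# File magic of compiled OSA scripts (assumption from observed .scpt files).
SCRIPT_MAGIC = {b"FasdUAS": "AppleScript", b"JsOsaDAS": "JavaScript"}

# (technique, description, pattern): this example's own heuristics.
INDICATORS = [
    ("T1547.015", "login item creation",
     re.compile(r"make\s+(?:new\s+)?login\s+item", re.I)),
    ("T1547.015", "login item marked hidden",
     re.compile(r"hidden\s*:\s*true", re.I)),
    ("T1059", "shell command execution",
     re.compile(r"do\s+shell\s+script", re.I)),
]

# Constructed AppleScript source used when no decompiled script is available.
SAMPLE_SOURCE = (
    'tell application "System Events"\n'
    '    make login item at end with properties '
    '{path:"/Users/Shared/virus.app", hidden:true}\n'
    'end tell\n'
    'do shell script "id"\n'
)


def digests(data: bytes) -> dict:
    """The four digests the report lists, for one blob."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_files(files: dict, expected: dict) -> dict:
    """files: relative path -> bytes; expected: relative path -> sha256.
    Returns path -> 'ok' | 'mismatch' | 'missing' for every report entry."""
    status = {}
    for rel, want in expected.items():
        if rel not in files:
            status[rel] = "missing"
        else:
            got = digests(files[rel])["sha256"]
            status[rel] = "ok" if got == want else "mismatch"
    return status


def verify_tree(root: str, expected: dict = REPORT_SHA256) -> dict:
    """Read the report's files from an extraction directory and verify them."""
    base = Path(root)
    files = {rel: (base / rel).read_bytes()
             for rel in expected if (base / rel).is_file()}
    return verify_files(files, expected)


def script_language(data: bytes) -> str:
    """Classify a compiled .scpt by magic; 'unknown' if neither matches."""
    for magic, lang in SCRIPT_MAGIC.items():
        if data.startswith(magic):
            return lang
    return "unknown"


def scan_source(source: str) -> list:
    """Return (technique, description, line_no) for each indicator hit."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        for tech, desc, rx in INDICATORS:
            if rx.search(line):
                hits.append((tech, desc, no))
    return hits


def decompile(scpt: str) -> str:
    """macOS only: osadecompile(1) prints the source of a compiled script."""
    return subprocess.run(["osadecompile", scpt], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, st in verify_tree(root).items():
        print(f"{st:9} {rel}")
    scpt = Path(root) / "virus/virus.app/Contents/Resources/Scripts/main.scpt"
    source = SAMPLE_SOURCE
    if scpt.is_file():
        print("main.scpt language:", script_language(scpt.read_bytes()))
        if sys.platform == "darwin":
            source = decompile(str(scpt))
    for tech, desc, no in scan_source(source):
        print(f"line {no}: {desc} ({tech})")
```

Run it as `python3 triage.py <extraction dir>` after unzipping virus.zip; without an argument it only demonstrates the scanner on the constructed source. On a host suspected of having run the applet, the live counterpart of the T1547.015 check is `osascript -e 'tell application "System Events" to get the path of every login item'`, and on macOS 13 or later `sfltool dumpbtm` lists the background task entries that back the Login Items pane.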

MITRE ATT&CK Matrix (ATT&CK v13)

Counts are the number of signature hits per technique.

Execution

  • Command and Scripting Interpreter (T1059): 1
      • JavaScript (T1059.007): 1

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
      • Login Items (T1547.015): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
      • Login Items (T1547.015): 1

Defense Evasion

  • Hide Artifacts (T1564): 3
      • Resource Forking (T1564.009): 3

Tasks