4d4d53b1838441f48f171c68ff21096c582492866a8fd2fa7f8e91e24cf8a0d7 | Triage

Submit
Reports

Overview

overview

4

Static

static

3

BepInEx/co...ny.dll

macos-10.15-amd64

4

BepInEx/co...20.dll

macos-10.15-amd64

1

BepInEx/co...ny.dll

macos-10.15-amd64

1

BepInEx/co...er.dll

macos-10.15-amd64

1

BepInEx/co...Ex.dll

macos-10.15-amd64

4

BepInEx/co...op.dll

macos-10.15-amd64

4

BepInEx/co...db.dll

macos-10.15-amd64

1

BepInEx/co...db.dll

macos-10.15-amd64

1

BepInEx/co...ks.dll

macos-10.15-amd64

1

BepInEx/co...il.dll

macos-10.15-amd64

1

BepInEx/co...ur.dll

macos-10.15-amd64

4

BepInEx/co...ls.dll

macos-10.15-amd64

4

BepInEx/pa...on.dll

macos-10.15-amd64

1

BepInEx/pa...er.dll

macos-10.15-amd64

1

BepInEx/pa...er.dll

macos-10.15-amd64

1

BepInEx/pa...ed.dll

macos-10.15-amd64

4

BepInEx/pl...in.dll

macos-10.15-amd64

4

BepInEx/pl...ee.dll

macos-10.15-amd64

1

BepInEx/pl...in.dll

macos-10.15-amd64

1

doorstop_l....dylib

macos-10.15-amd64

1

doorstop_l....dylib

macos-10.15-amd64

1

winhttp.dll

macos-10.15-amd64

4

Analysis

max time kernel
148s
max time network
153s
platform
macos-10.15_amd64
resource
macos-20240410-en
resource tags

arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
22-05-2024 03:21

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BepInEx/core/0Harmony.dll

Resource

macos-20240410-en

macos-10.15-amd64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

BepInEx/core/0Harmony20.dll

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

BepInEx/core/BepInEx.Harmony.dll

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

BepInEx/core/BepInEx.Preloader.dll

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

BepInEx/core/BepInEx.dll

Resource

macos-20240410-en

macos-10.15-amd64

1 signatures

150 seconds

Behavioral task

behavioral6

Sample

BepInEx/core/HarmonyXInterop.dll

Resource

macos-20240410-en

macos-10.15-amd64

1 signatures

150 seconds

Behavioral task

behavioral7

Sample

BepInEx/core/Mono.Cecil.Mdb.dll

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

BepInEx/core/Mono.Cecil.Pdb.dll

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

BepInEx/core/Mono.Cecil.Rocks.dll

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

BepInEx/core/Mono.Cecil.dll

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

BepInEx/core/MonoMod.RuntimeDetour.dll

Resource

macos-20240410-en

macos-10.15-amd64

1 signatures

150 seconds

Behavioral task

behavioral12

Sample

BepInEx/core/MonoMod.Utils.dll

Resource

macos-20240410-en

macos-10.15-amd64

1 signatures

150 seconds

Behavioral task

behavioral13

Sample

BepInEx/patchers/Tobey/ConfigHandler/Tobey.Subnautica.ConfigHandler.Configuration.dll

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

BepInEx/patchers/Tobey/ConfigHandler/Tobey.Subnautica.ConfigHandler.Patcher.dll

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

BepInEx/patchers/Tobey/UnityAudio/Tobey.UnityAudio.Patcher.dll

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

BepInEx/patchers/Tobey/UnityAudio/Tobey.UnityAudio.Shared.dll

Resource

macos-20240410-en

macos-10.15-amd64

1 signatures

150 seconds

Behavioral task

behavioral17

Sample

BepInEx/plugins/Tobey/ConfigHandler/Tobey.Subnautica.ConfigHandler.Plugin.dll

Resource

macos-20240410-en

macos-10.15-amd64

1 signatures

150 seconds

Behavioral task

behavioral18

Sample

BepInEx/plugins/Tobey/File Tree/Tobey.FileTree.dll

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

BepInEx/plugins/Tobey/UnityAudio/Tobey.UnityAudio.Plugin.dll

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

doorstop_libs/libdoorstop_x64.dylib

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

doorstop_libs/libdoorstop_x86.dylib

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

winhttp.dll

Resource

macos-20240410-en

macos-10.15-amd64

1 signatures

150 seconds

Report Analysis Logs

General

Target

doorstop_libs/libdoorstop_x86.dylib
Size

28KB
MD5

eab63a6d53b8a26e8d0e7f0e08f6bee5
SHA1

81f79b64fc5a59d5d9f77edf782c06f0745917f7
SHA256

7f0d1b00a8eb71f0746e9d2ecf3a18034662e0e5826ac7357ceb8d117ed14eff
SHA512

7f8448dea127743dae6f9eb86728a507b56ac6b9f637bc8a79620e7b3b5d404f348313cd627d32c989a3e942e3a37f3a97063e7c649faae27bd4258285130091
SSDEEP

768:o0K9hNC31Ne01HDzIY3xo8f6tPuYJ3CZRBazrX5qyXEl5KS/:q9hNC31Ne01HDzIY3xo46tP0hazTwyXa

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/doorstop_libs/libdoorstop_x86.dylib\""
1⤵
PID:492

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/doorstop_libs/libdoorstop_x86.dylib\""
1⤵
PID:492

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/doorstop_libs/libdoorstop_x86.dylib
1⤵
PID:492

/bin/zsh
/bin/zsh -c /Users/run/doorstop_libs/libdoorstop_x86.dylib
2⤵
PID:493

/Users/run/doorstop_libs/libdoorstop_x86.dylib
/Users/run/doorstop_libs/libdoorstop_x86.dylib
2⤵
PID:493

/usr/bin/pluginkit
/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync
1⤵
PID:494

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterB516C108/OneDrive.app
1⤵
PID:495

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:514

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:514

/usr/libexec/xpcproxy
xpcproxy com.apple.newsyslog
1⤵
PID:538

/usr/sbin/newsyslog
/usr/sbin/newsyslog
1⤵
PID:538

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
1⤵
PID:542

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2024

Terms | Privacy