General

  • Target

    PostgreSQL_v.8.24.dmg

  • Size

    8.5MB

  • Sample

    240524-es8ysacg5y

  • MD5

    e5375e47d4aa57e099bd80680afc9df3

  • SHA1

    222fccee4cbc41a5612a3d3ed034bfb311f2a6bb

  • SHA256

    01c9714f985ea18e3d62c611a83c36780d74617c2b284214c7fd06ba4aa78790

  • SHA512

    836d37a23705abc4114d7153ad65a24465db9d4ece63856780dc2a16c596334be92af99bbf6c711acd688c50867b4fa775bb3f912d128ea6eff1d3ee592b0b82

  • SSDEEP

    98304:c/gmaYwRcXEcwxMpiosLk9mU77yzl+mF4Ncsekgdsj1CwudKByOudKByrZkVypHS:cQfcwhosfjDpkKW75h5ryuoMYkUw
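Before working with a copy of this sample, confirm that the file on disk is the one the report describes. The script below is an added example, not part of this report or of any sandbox tool: REPORT copies the digests from the General section above, and the bytes hashed in main() are constructed, so they will not match. SHA-256 is treated as the authoritative identity; MD5 and SHA-1 are kept only because other feeds still index on them, and a file that agrees on some digests but not others is treated as a mismatch.

```python
"""Verify a file against the digests this report publishes before analysing it.
Added example, not part of the sandbox report: REPORT copies the hashes from the
General section above; the bytes hashed in main() are constructed and will not
match, which is the point of the demonstration."""
import hashlib

REPORT = {
    "md5": "e5375e47d4aa57e099bd80680afc9df3",
    "sha1": "222fccee4cbc41a5612a3d3ed034bfb311f2a6bb",
    "sha256": "01c9714f985ea18e3d62c611a83c36780d74617c2b284214c7fd06ba4aa78790",
    "sha512": ("836d37a23705abc4114d7153ad65a24465db9d4ece63856780dc2a16c596334b"
               "e92af99bbf6c711acd688c50867b4fa775bb3f912d128ea6eff1d3ee592b0b82"),
}


def digests(data):
    """All four digests of an in-memory byte string, keyed like REPORT."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT}


def digests_of_file(path, chunk=1 << 20):
    """Same digests for a file, read in 1 MiB chunks so an 8.5 MB DMG (or a much
    larger one) is hashed once without being loaded whole into memory."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare(data, report=REPORT):
    """Return (verdict, per-algorithm agreement) for data against a report.

    'match'        every published digest agrees
    'none'         no digest agrees: a different file
    'inconsistent' some agree and some do not: a typo in the report, a truncated
                   download, or a collision against a weak hash. Never accept it;
                   go by SHA-256 and re-fetch the sample.
    """
    got = digests(data)
    agree = {alg: got[alg] == report[alg].lower() for alg in report}
    if all(agree.values()):
        verdict = "match"
    elif not any(agree.values()):
        verdict = "none"
    else:
        verdict = "inconsistent"
    return verdict, agree


if __name__ == "__main__":
    # Constructed stand-in; the real DMG is not embedded here.
    verdict, agree = compare(b"constructed bytes, not PostgreSQL_v.8.24.dmg")
    print(verdict, agree)
```

For a real copy, call `compare` on the bytes or build the dict with `digests_of_file(path)` and compare it to REPORT field by field; the ssdeep value in the report is a similarity hash for finding related builds, not an identity check, and is deliberately not computed here.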

Targets

    • Queries the macOS version information.

      An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, and architecture. On macOS this usually means the product version and build number (what sw_vers reports); the page does not show which command or API this sample used.

    • System Checks

      Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox.

    • File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces that indicate what was done within a network and how. Removal of these files can occur during the intrusion or afterwards, to minimize the adversary's footprint. The page does not name the files this sample deleted.
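The three signatures above, plus the AppleScript and Resource Forking techniques that appear in the ATT&CK matrix, are all things a sandbox derives from recorded process activity. The script below is an added example, not the sandbox's own signature logic and not taken from this run: it parses a small JSON-lines process log and maps each command line to the technique ids listed on this page. SAMPLE_LOG is constructed to exercise every rule; the commands in the rules are the usual macOS ways of performing each behaviour, and which of them this DMG actually used is not shown on the page.

```python
"""Map recorded macOS process events to the ATT&CK techniques this report lists.
Added example; SAMPLE_LOG is constructed and is not the sandbox output for
PostgreSQL_v.8.24.dmg."""
import json
import re
from collections import Counter

# (technique id, name, regex over the command line). Rules attribute behaviour,
# not maliciousness: an ordinary installer may also run sw_vers or rm its
# temp files. Comments name the macOS commands each pattern is meant to catch.
RULES = [
    ("T1082", "System Information Discovery",
     # sw_vers, uname, system_profiler SPSoftwareDataType, sysctl kern.os*,
     # defaults read .../CoreServices/SystemVersion
     r"\bsw_vers\b|\buname\b|SPSoftwareDataType"
     r"|\bkern\.os(?:release|productversion|version)\b|CoreServices/SystemVersion"),
    ("T1497.001", "Virtualization/Sandbox Evasion: System Checks",
     # hw.model / cpu / memory sysctls, kern.hv_vmm_present, hardware profile,
     # ioreg output searched for hypervisor vendor strings
     r"\bhw\.(?:model|ncpu|logicalcpu|memsize)\b|\bkern\.hv_vmm_present\b"
     r"|machdep\.cpu\.brand_string|SPHardwareDataType"
     r"|\bioreg\b.*(?:vmware|virtualbox|vbox|parallels|qemu)"),
    ("T1059.002", "Command and Scripting Interpreter: AppleScript",
     r"\bosascript\b"),
    ("T1070.004", "Indicator Removal: File Deletion",
     # rm of something under the usual scratch or mount locations
     r"(?:^|[\s;|&'\"(])rm\s+(?:-\w+\s+)*"
     r"(?:/tmp/|/private/tmp/|/var/folders/|/Volumes/|~/)"),
    ("T1564.009", "Hide Artifacts: Resource Forking",
     # reading a resource fork directly or via its extended attribute
     r"/\.\.namedfork/rsrc\b|com\.apple\.ResourceFork"),
]
COMPILED = [(tid, name, re.compile(rx, re.I)) for tid, name, rx in RULES]

# Constructed sandbox-style process records (one JSON object per line).
SAMPLE_LOG = """\
{"ts": 1, "pid": 501, "ppid": 1, "proc": "sh", "cmdline": "sh -c sw_vers -productVersion"}
{"ts": 2, "pid": 502, "ppid": 501, "proc": "sysctl", "cmdline": "sysctl -n hw.model"}
{"ts": 3, "pid": 503, "ppid": 501, "proc": "sh", "cmdline": "sh -c ioreg -l | grep -i -e vmware -e virtualbox -e parallels"}
{"ts": 4, "pid": 504, "ppid": 501, "proc": "osascript", "cmdline": "osascript -e do shell script \\"open /Volumes/PostgreSQL/.pg\\""}
{"ts": 5, "pid": 505, "ppid": 501, "proc": "cp", "cmdline": "cp /Volumes/PostgreSQL/.pg/..namedfork/rsrc /tmp/.pg_installer"}
{"ts": 6, "pid": 506, "ppid": 501, "proc": "rm", "cmdline": "rm -rf /tmp/.pg_installer"}
{"ts": 7, "pid": 507, "ppid": 1, "proc": "ls", "cmdline": "ls -la /Users/guest"}
"""


def parse_jsonl(text):
    """One dict per non-blank line; malformed lines raise rather than hide."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def classify(event):
    """Technique ids whose rule matches this event's command line (may be empty)."""
    line = event.get("cmdline", "")
    return [tid for tid, _name, rx in COMPILED if rx.search(line)]


def triage(events):
    """Per-technique hit counts (the number shown in a matrix cell) and the
    matching events, so an analyst can read what actually ran."""
    counts = Counter()
    hits = []
    for ev in events:
        for tid in classify(ev):
            counts[tid] += 1
            hits.append((tid, ev.get("pid"), ev.get("cmdline", "")))
    return counts, hits


if __name__ == "__main__":
    counts, hits = triage(parse_jsonl(SAMPLE_LOG))
    for tid, name, _rx in COMPILED:
        print(f"{tid:<10} {counts[tid]:>2}  {name}")
    for tid, pid, cmd in hits:
        print(f"  {tid} pid={pid}: {cmd}")
```

Run against a real process log the counts are only as good as the rules; the T1497.001 rule in particular catches a hardware query, not proof that the result changed the sample's behaviour, which is what the signature text above actually describes.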

MITRE ATT&CK Matrix (ATT&CK v13)

The number beside each technique is the count of signature hits the sandbox mapped to it.

  • Execution

      Command and Scripting Interpreter (T1059): 1
        AppleScript (T1059.002): 1

  • Defense Evasion

      Virtualization/Sandbox Evasion (T1497): 1
        System Checks (T1497.001): 1
      Indicator Removal (T1070): 1
        File Deletion (T1070.004): 1
      Hide Artifacts (T1564): 1
        Resource Forking (T1564.009): 1

  • Discovery

      System Information Discovery (T1082): 1
      Virtualization/Sandbox Evasion (T1497): 1
        System Checks (T1497.001): 1

Virtualization/Sandbox Evasion (T1497) and its System Checks sub-technique are listed under both Defense Evasion and Discovery because ATT&CK assigns the technique to both tactics; the page shows a single System Checks signature, so both cells reflect the same hit. Two techniques in the matrix, AppleScript (T1059.002) and Resource Forking (T1564.009), have no corresponding signature description in the Targets section above, so this page gives no detail on what triggered them.
