General

  • Target

    Calendly_v.6.67.dmg

  • Size

    3.7MB

  • Sample

    240524-fl1jhaec5t

  • MD5

    53335125fb1763a0b4660c2a38031d55

  • SHA1

    4607065e1ff401036a34d472ee78c8644af01ded

  • SHA256

    27ed8f5684e32217a073200ac80d822825f4e9954797f6682c7a6c8d0951fb88

  • SHA512

    9f0a073ea31a82ba14f40c0db9cd0dd09d9da8b30e7e537093169fc0c128cf12f15366de6ebc07cf475417b76f6b14ee2ed09587fc87e660d2fc5365453c24d8

  • SSDEEP

    24576:fh8T/qbjFDp0ANhZl/aa1fJpT+1kLIaZ/FydXQ6w/0cHTVMPqG5V6QYblPrdGLL/:587qb510ANhZ

Malware Config

Targets

    • Queries the macOS version information.

      An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

    • System Checks

      Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox.

    • File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (e.g. Ingress Tool Transfer) may leave traces that indicate what was done within a network and how. Removal of these files can occur.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    • Command and Scripting Interpreter (T1059): 1

      • AppleScript (T1059.002): 1

  • Defense Evasion

    • Virtualization/Sandbox Evasion (T1497): 1

      • System Checks (T1497.001): 1

    • Indicator Removal (T1070): 1

      • File Deletion (T1070.004): 1

    • Hide Artifacts (T1564): 1

      • Resource Forking (T1564.009): 1

  • Discovery

    • System Information Discovery (T1082): 1

    • Virtualization/Sandbox Evasion (T1497): 1

      • System Checks (T1497.001): 1

Tasks