Analysis

  • max time kernel
    121s
  • max time network
    120s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240410-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20240410-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    08-06-2024 22:49

General

  • Target

    $PLUGINSDIR/nsis7z.dll

  • Size

    424KB

  • MD5

    80e44ce4895304c6a3a831310fbf8cd0

  • SHA1

    36bd49ae21c460be5753a904b4501f1abca53508

  • SHA256

    b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

  • SHA512

    c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

  • SSDEEP

    6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck

Score
4/10

Malware Config

Signatures

  • Resource Forking (1 TTPs, 1 IoCs)

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

Processes

  • /usr/libexec/xpcproxy
    xpcproxy com.oracle.java.Java-Updater
    1⤵
    PID:483
  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/\$PLUGINSDIR/nsis7z.dll\""
    1⤵
    PID:485
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/\$PLUGINSDIR/nsis7z.dll\""
    1⤵
    PID:485
  • /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
    "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
    1⤵
    PID:483
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run//nsis7z.dll
    1⤵
    PID:485
    • /bin/zsh
      /bin/zsh -c /Users/run//nsis7z.dll
      2⤵
      PID:486
    • /Users/run//nsis7z.dll
      /Users/run//nsis7z.dll
      2⤵
      PID:486

Network

MITRE ATT&CK Enterprise v15
