Analysis
max time kernel: 135s
max time network: 145s
platform: macos-10.15_amd64
resource: macos-20240410-en
resource tags: arch:amd64, arch:i386, image:macos-20240410-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
submitted: 08-06-2024 15:41
Static task: static1
Behavioral task: behavioral1
Sample: dPOS_EAS_Bundle.rbxm
Resource: macos-20240410-en
General
Target: dPOS_EAS_Bundle.rbxm
Size: 28KB
MD5: a1148e1b8f1e949b723e703881bd0d98
SHA1: d5513510510204040ba06e5bf35e280c10f18e88
SHA256: 2885a0b4037f92b73fae531687264ae74779ad1afae7ae5eb6f7256c9fc28fff
SHA512: 99ceae882e41994a93c2426293246a7413bf59430c6c6394e565e3ae1a1808761005bee6afb94f35e55d8c3ff5a719ba25324349e2f35b209cf1cd1f8a952465
SSDEEP: 768:nVlPKSe/gBly/xORtAaj1GTrYPgzhl6TkR7rDk0N:n6uLJ5aYPOj6wJN
Malware Config
Signatures
Processes (per process: [depth in the process tree] PID, image path, then the command line on the following line)

[1] PID 485  /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/dPOS_EAS_Bundle.rbxm\""

[1] PID 485  /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/dPOS_EAS_Bundle.rbxm\""

[1] PID 485  /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/dPOS_EAS_Bundle.rbxm

[2] PID 486  /bin/zsh
    /bin/zsh -c /Users/run/dPOS_EAS_Bundle.rbxm

[2] PID 486  /Users/run/dPOS_EAS_Bundle.rbxm
    /Users/run/dPOS_EAS_Bundle.rbxm

[1] PID 522  /usr/libexec/xpcproxy
    xpcproxy com.apple.Terminal.2100

[1] PID 522  /System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
    /System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal

[2] PID 524  /usr/bin/login
    login -pf run

[3] PID 525  /bin/zsh
    -zsh

[4] PID 526  /usr/libexec/path_helper
    /usr/libexec/path_helper -s

[4] PID 527  /usr/bin/locale
    locale LC_CTYPE

[4] PID 529  /usr/bin/curl
    curl parrot.live

[1] PID 539  /usr/libexec/xpcproxy
    xpcproxy com.apple.Safari.2028

[1] PID 539  /Applications/Safari.app/Contents/MacOS/Safari
    /Applications/Safari.app/Contents/MacOS/Safari

[1] PID 540  /usr/libexec/xpcproxy
    xpcproxy com.apple.Safari.History

[1] PID 540  /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
    /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History

[1] PID 541  /usr/libexec/xpcproxy
    xpcproxy com.apple.WebKit.WebContent.42CAF03A-16F4-49B6-9725-C69D89886CCF 539

[1] PID 541  /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
    /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[1] PID 546  /usr/libexec/xpcproxy
    xpcproxy com.apple.SafariLaunchAgent

[1] PID 546  /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
    /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[1] PID 547  /usr/libexec/xpcproxy
    xpcproxy com.apple.WebKit.WebContent.38643FED-E3BE-46CB-86F4-1CFDB34ECD2E 539

[1] PID 547  /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
    /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[1] PID 548  /usr/libexec/xpcproxy
    xpcproxy com.apple.Safari.SearchHelper 539

[1] PID 548  /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
    /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper

[1] PID 549  /usr/libexec/xpcproxy
    xpcproxy com.apple.Safari.SafeBrowsing.Service

[1] PID 549  /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
    /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service

[1] PID 550  /usr/libexec/xpcproxy
    xpcproxy com.apple.WebKit.WebContent.8B4AD5DD-FF5E-43CD-A8C3-B56F7F64C88E 539

[1] PID 550  /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
    /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[1] PID 553  /usr/libexec/xpcproxy
    xpcproxy com.apple.contacts.donation-agent

[1] PID 553  /System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent
    /System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent
Network
MITRE ATT&CK Matrix
Downloads
(path and size not recorded)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(these four values are the digests of zero-length input, i.e. an empty file)

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression
Filesize: 219KB
MD5: c38e60f94892f48ec890f1f293121edb
SHA1: db9b959ffc045cabe63b098fdf5271bba2ca09c6
SHA256: bd50c12837ecc0e1ebfff5bc7aeb29ec680fbf9b9d005b89c1368f81beb7e958
SHA512: 703f4e12f4568241ba1d91c3b10127dfa774690ea1a7225b40fb0926e5cfd09e981403328f1076c6147cf4d809030e9d6b82a9bf3fca8ab5bfa4f440e96f2bbb

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression
Filesize: 21.9MB
MD5: daf86001af31cc5721beee39a8a88da9
SHA1: ff8858aacbc289e43c0e4331f81f15f0b00dcefb
SHA256: e33f5867389a931472d93813caf1397b79d81fb294c160e57be6a567f728f921
SHA512: 49c080733ec6154ef31fbce0ac8e2d60c7cde2d6b51512c0b2bfd5d4f0b56843f93af3184872fa33e5e09472f7ee425ffa3b6de23738b3197a3c78d088257a9c

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression
Filesize: 125KB
MD5: 679f2da10284c532f3b67f1e253cc9d7
SHA1: 172070074b602c83cadb42df806e89700ad8e8ca
SHA256: cfa082db9578e305544f5e3a05202f398706f51407daa752ccb52866f83485fb
SHA512: e8d308f88a40eb1a3f4810a422a54d9f202b22eb75f2da8dfe0a5fdc26bb547b2861ba479677a9ad6520339c609fd01d623ea18c1f040873071b86fea5663de7

(path not recorded)
Filesize: 47KB
MD5: 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1: 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256: cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512: 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

(path not recorded)
Filesize: 4KB
MD5: d3a1859e6ec593505cc882e6def48fc8
SHA1: f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256: 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512: ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818