Analysis
-
max time kernel
170s -
max time network
170s -
platform
macos-10.15_amd64 -
resource
macos-20240410-en -
resource tags
arch:amd64 arch:i386 image:macos-20240410-en kernel:19b77a locale:en-us os:macos-10.15-amd64 system -
submitted
08-06-2024 15:15
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.youtube.com/watch?v=5RFN3EwtiJE
Resource
macos-20240410-en
Errors
General
-
Target
https://www.youtube.com/watch?v=5RFN3EwtiJE
Malware Config
Signatures
Processes
-
/bin/sh  sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=5RFN3EwtiJE\""  1⤵ PID:482
-
/bin/bash  sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=5RFN3EwtiJE\""  1⤵ PID:482
-
/usr/bin/sudo  sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=5RFN3EwtiJE"  1⤵ PID:482
-
/bin/zsh  /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=5RFN3EwtiJE"  2⤵ PID:484
-
/usr/libexec/xpcproxyxpcproxy com.apple.Photos.18761⤵PID:517
-
/System/Applications/Photos.app/Contents/MacOS/Photos/System/Applications/Photos.app/Contents/MacOS/Photos1⤵PID:517
-
/usr/libexec/xpcproxyxpcproxy com.apple.colorsync.useragent1⤵PID:519
-
/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent1⤵PID:519
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.20281⤵PID:526
-
/Applications/Safari.app/Contents/MacOS/Safari/Applications/Safari.app/Contents/MacOS/Safari1⤵PID:526
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.History1⤵PID:527
-
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History1⤵PID:527
-
/usr/libexec/xpcproxyxpcproxy com.apple.WebKit.WebContent.62A93ABA-0013-4893-A01B-20078AAB8FA8 5261⤵PID:529
-
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent1⤵PID:529
-
/usr/libexec/xpcproxyxpcproxy com.apple.SafariLaunchAgent1⤵PID:532
-
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent1⤵PID:532
-
/usr/libexec/xpcproxyxpcproxy com.apple.WebKit.WebContent.AEA4C616-3773-4320-8980-6E32008D59EE 5261⤵PID:533
-
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent1⤵PID:533
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.SearchHelper 5261⤵PID:537
-
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper1⤵PID:537
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.SafeBrowsing.Service1⤵PID:538
-
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service1⤵PID:538
-
/usr/libexec/xpcproxyxpcproxy com.apple.WebKit.WebContent.0E1B6A11-BF7D-4E43-8AE2-B5B8B6C14D36 5261⤵PID:539
-
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent1⤵PID:539
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.AudioComponentRegistrar1⤵PID:541
-
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar1⤵PID:541
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.SandboxHelper 5391⤵PID:542
-
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper1⤵PID:542
-
/usr/libexec/xpcproxyxpcproxy com.apple.accessibility.mediaaccessibilityd1⤵PID:543
-
/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd1⤵PID:543
-
/usr/libexec/xpcproxyxpcproxy com.apple.WebKit.WebContent.263CAA7D-1882-4E8A-B3AD-2FB384CEA5F9 5261⤵PID:544
-
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent1⤵PID:544
-
/usr/libexec/xpcproxyxpcproxy com.apple.WebKit.WebContent.818E014A-DCB5-4D29-8A0B-B011E0CD9259 5261⤵PID:545
-
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent1⤵PID:545
-
/usr/sbin/spctl  /usr/sbin/spctl --assess --type execute /Applications/OneDrive.app  1⤵ PID:549
-
/usr/libexec/xpcproxyxpcproxy com.apple.coremedia.videodecoder 5391⤵PID:551
-
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService1⤵PID:551
-
/usr/libexec/xpcproxyxpcproxy com.apple.Notes.17361⤵PID:555
-
/System/Applications/Notes.app/Contents/MacOS/Notes/System/Applications/Notes.app/Contents/MacOS/Notes1⤵PID:555
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportMemoryException1⤵PID:556
-
/usr/libexec/ReportMemoryException/usr/libexec/ReportMemoryException1⤵PID:556
-
/bin/launchctl/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon1⤵PID:557
-
/bin/launchctl/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon1⤵PID:558
-
/usr/libexec/xpcproxyxpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E1⤵PID:559
-
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService1⤵PID:559
-
/usr/libexec/xpcproxyxpcproxy com.apple.PackageKit.InstallStatus1⤵PID:560
-
/usr/libexec/xpcproxyxpcproxy com.apple.warmd_agent1⤵PID:561
-
/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"1⤵PID:560
-
/usr/libexec/warmd_agent/usr/libexec/warmd_agent1⤵PID:561
-
/usr/libexec/xpcproxyxpcproxy com.apple.passd1⤵PID:562
-
/System/Library/PrivateFrameworks/PassKitCore.framework/passd/System/Library/PrivateFrameworks/PassKitCore.framework/passd1⤵PID:562
-
/usr/libexec/xpcproxyxpcproxy com.apple.rtcreportingd1⤵PID:563
-
/usr/libexec/xpcproxyxpcproxy com.apple.coremedia.videodecoder 1211⤵PID:564
-
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService1⤵PID:564
-
/usr/libexec/rtcreportingd/usr/libexec/rtcreportingd1⤵PID:563
-
/usr/libexec/xpcproxyxpcproxy com.apple.sessionlogoutd1⤵PID:565
-
/System/Library/CoreServices/sessionlogoutd/System/Library/CoreServices/sessionlogoutd1⤵PID:565
-
/sbin/shutdown/sbin/shutdown -h now1⤵PID:1.8446744073709552e+19
-
/bin/shsh -c "/usr/bin/wall -n"1⤵PID:567
-
/bin/bashsh -c "/usr/bin/wall -n"1⤵PID:567
-
/usr/bin/wall/usr/bin/wall -n1⤵PID:567
-
/System/Library/Extensions/IOGraphicsFamily.kext/iogdiagnoseiogdiagnose -b /var/log/displaypolicy/iogdiagnose-last.bin1⤵PID:1.8446744073709552e+19
-
/usr/sbin/spindumpspindump -shutdownstall 2 -timelimit 51⤵PID:569
-
/bin/shsh -c /usr/sbin/kextstat1⤵PID:570
-
/bin/bashsh -c /usr/sbin/kextstat1⤵PID:570
-
/usr/sbin/kextstat/usr/sbin/kextstat1⤵PID:570
-
/bin/bashbash /private/var/install/shutdown_installer_tasks1⤵PID:571
-
/bin/bashbash /private/var/install/deferred_install1⤵PID:572
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
5KB
MD5 9909227b6fd2415ccb9a276d99632243
SHA1 c21dfda1e925054b0d6c882e43f87dbe1222a933
SHA256 af7282a5f1a3c7a62bda5f2265b1254d420ba7b5aab58023df705dd6064d2ac9
SHA512 9705d6811e00ee5f616ead194484f00df7fd5033e6bbea784c02438b87774a3e60ece7e2fb6e23486eec43743d642a105a16a615b3a5d5ee32d49b8f77814e5c
-
Filesize
5KB
MD5 80f7367cb52983d2b58c2570460a9e9b
SHA1 8b1020b84f2c57bc43c0b0e504529fbd176fc694
SHA256 d7dd223f488a3dc314edecff758abc774093909d8cdaabb5c6b3f5a84a6f4be7
SHA512 ec16f486883b31551597eaa82406989c159a5e186ec33fcc8fbc85093d1ac758bfab065a9a8f91ef3087456cc2a0b2b097dbb074f567280f5ccf8f3838eaceb3
-
Filesize
5KB
MD5 b029f4de2a30258eec08f87f7c134d72
SHA1 886dfea946b08233f119ab91c4926387ae8c4b14
SHA256 6ca8619960ca15e5e9a6fefeafb485d9217b2746ed4578ad048a4a83c68a0a6d
SHA512 e42c2b25398b5b0e1733ab13c486ffe5d28a457eb0e1817cfd1ef488d9a955dfe4c03fbc5fd5f2e84af5d1191d9bf32ac4800f0978feba03a7fac7faa9b43eab
-
Filesize
5KB
MD5 ccef48ae2f2f332799c6c2fd7edf988c
SHA1 fccadbb695a64d388424771090a931c0a6e156c3
SHA256 6fb516c5d70946f1396898385ed9c015ea08c2cef55e2e6c32e68a1536947b18
SHA512 ecf3e7ae782d2c6858726a9edc6548fea4ed1cc4a6c06f162c2c3bc562cd74c507661ce3bba26ec45cb2d1dd1aa5fc1130ec1ff6d849a4aad680e0e48a7f2a50
-
Filesize
5KB
MD5 2d4610446f0fb5cfcf49134eb2b38721
SHA1 7ab22676eb6ff50aff8ecedb9e7f427bd225eb28
SHA256 e430ae43a6af30393a0f46ea0b8c971a899454da05d22e9d24e2e96eda839497
SHA512 0637197fb66c7cdd3d6b6f620bf5cb48110b32a5da03db164583ae22a822609fd80c11b19aca7b64970eae0d9842c0dfccf41c46d662eaf139ee0018ee97661b
-
Filesize
5KB
MD5 b1d93af012a8b948b8eaebe20a4ca838
SHA1 c3d1a9778e88922c38152b08700a90a8ff9c083c
SHA256 32d88e1590bd2714c7552c028eb4e40537606857a799a91d23333454c508c246
SHA512 d173c4ffcbd42af35a571a3fc5fefb14fe9304edd365e5e573788aff5a9722ed4a1636af3d9f4d904cb3bd5207c6d680f95c91ffb4701ecbad52438b6eabbb74
-
Filesize
15KB
MD5 8687e190e53ab80d0dcfb4562a170ce2
SHA1 6da94ecc6aa78acf1fae85c299db8848d74f6add
SHA256 4fdcc4fbac24e3667851307f99b93a265d2baa772f8592583bc2eab5725b3bd5
SHA512 632b26ed4fd27ba2754d8307b91d66432e9a05be1277f280d0b227753410d98b4952d8efb82f813d40337362d0f51b74cf566022fa6f34778e49752ed5bbb72a
-
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression
Filesize 219KB
MD5 2adc0a27bb6d15f9d0cfca5cef51d875
SHA1 2047a07534258c94ef350a0f80109245efc04c61
SHA256 8874e1819f330336a6e17c6da32e9e982b5d69a1f6ed1df952334846a2bf0bde
SHA512 62bade7991aa12f3c09656b81e6047f0d875bbb3adb8a7b19ccb4ec391d85cc16d05a72c49dc77858f07b0e0b7060942e6ade3636593ea160d7d56f0f87f879b
-
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression
Filesize 21.9MB
MD5 ad3792eda4bd2ffd29629d16fd3c70ec
SHA1 5c839711ddc773b8480b4de02620411ba5dd61d7
SHA256 03087a2a3cdc99bdab9c8569d02608d32861becb9bb645379e2a8fd5771b3df1
SHA512 cdf75e059d74aca3affffd51a8a790e02c8075c610e7cfba28c30a212938da4fcf656ecb40680f96991bcecb273d70aed59da3057eec2e2b54473ff5fb5bad5e
-
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression
Filesize 125KB
MD5 30707783aca28aab049859a1a9cfb716
SHA1 19a83fb8ce79d0694710d8767441da0b67e91c2a
SHA256 30db97a9198eb556e969a6728f517ebc6e9c2e24142fdae3fcd060d81a9f7e94
SHA512 c06daa1ce8ce3d0b4d55fcdae0fece0b257b2d3819810aea3045cf0e56279c377766cb5cc7ef0b1add6e33d27a249745a0fe6969cf7be5326363b1db597a068c
-
Filesize
47KB
MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20
-
Filesize
4KB
MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818
-
Filesize
21KB
MD5 e1da288b44074dcd51be5feadb3b3b18
SHA1 2c4dd0ebc4159a8be2c2ba6aefeba96732d17856
SHA256 651be12572ba7c53777669931cc01fe098c37e7c9a5d873fce6cfacb461f41c3
SHA512 739f8c84084a65c95bacf9f0076eeb021b65a211d77b9929c9733efc133c5e5e0ef48bc4bd9ee7d343c0e56b7562e1941f172921ad54bacff3c47de0134209d7
-
Filesize
144KB
MD5 395ebe8f5d47bd4c9902aa919ea9a7fc
SHA1 bbcd415c97b9c994afd4ff925b57881d11c175eb
SHA256 00bfb4ce684089702418cf3f90c397e0488aba273b624358e11d1ef9962878fc
SHA512 443569fcb480804ad68ca8fcec514846bc210b4bbb31d268168050b5a7e099b46d9094c2ccb18e4c15bde4a464b32990a5cb7a77cb5287a7f51977c5b35192c6
-
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(These four values are the well-known digests of zero-length input, so this entry corresponds to an empty file.)