Malware Analysis Report

2024-10-16 06:34

Sample ID: 240609-hajgysff98
Target: robot.png
SHA256: 5f9fc5b3fbddf0e72c5c56cdcfc81c6e10c617d70b1b93fbe1e4679a8797bff7
Tags: (none listed)
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 1/10

SHA256: 5f9fc5b3fbddf0e72c5c56cdcfc81c6e10c617d70b1b93fbe1e4679a8797bff7

Threat Level: No (potentially) malicious behavior was detected

The file robot.png was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-09 06:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-09 06:31
Reported: 2024-06-09 07:03
Platform: macos-20240410-en
Max time kernel: 377s
Max time network: 1582s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/robot.png"]

Signatures

N/A

Processes

Process                    Command line
/bin/sh                    [sh -c sudo /bin/zsh -c "/Users/run/robot.png"]
/bin/bash                  [sh -c sudo /bin/zsh -c "/Users/run/robot.png"]
/usr/bin/sudo              [sudo /bin/zsh -c /Users/run/robot.png]
/bin/zsh                   [/bin/zsh -c /Users/run/robot.png]
/Users/run/robot.png       [/Users/run/robot.png]
/usr/libexec/xpcproxy      [xpcproxy com.apple.spindump]
/usr/sbin/spindump         [/usr/sbin/spindump]
/usr/libexec/xpcproxy      [xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd   [/usr/libexec/diagnosticd]

Network

Country   Destination          Domain                                    Proto
US        8.8.8.8:53           bag-cdn-lb.itunes-apple.com.akadns.net    udp
US        8.8.8.8:53           h3.apis.apple.map.fastly.net              udp
N/A       224.0.0.251:5353     -                                         udp
IE        17.57.146.88:5223    -                                         tcp
US        8.8.8.8:53           15-courier.push.apple.com                 udp
GB        17.57.146.151:5223   15-courier.push.apple.com                 tcp
GB        17.57.146.155:5223   15-courier.push.apple.com                 tcp
US        8.8.8.8:53           lb._dns-sd._udp.0.0.127.10.in-addr.arpa   udp

Files

N/A