Malware Analysis Report

2024-10-10 07:18

Sample ID 240611-hjlzfaydqn
Target http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 06:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 06:46

Reported

2024-06-11 06:48

Platform

macos-20240410-en

Max time kernel

120s

Max time network

124s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

Network

Country Destination Domain Proto
DE 20.52.64.201:443 tcp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
GB 17.250.81.67:443 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
DE 51.116.246.105:443 tcp

Files

N/A