09126e3f81d54c190114bc27d466c5b236f03b9fff7bcf0e6f11527c11f32822 | Triage

Sharing

General

Target

ZoomSetup.dmg
Size

852KB
Sample

240614-rpfjaaxhnp
MD5

f614a648405fe864ce06a0694816c1c4
SHA1

243c3ccd9cad406df6eecb12c25ce4c7ff2e11db
SHA256

09126e3f81d54c190114bc27d466c5b236f03b9fff7bcf0e6f11527c11f32822
SHA512

47d029082f2789314d8ebe2943a84cc0767c3459679cb566dd1fe10213390ad5d6b4fe4ff2aaee597577ad63c24b60d36e9573248813ba7cd492ec8eba90d225
SSDEEP

24576:qguDV6k3QjdypAyjQ1hyrAOkL7nBCCnhSaSD1j:qth6LjdypAys1hyrAOCBCCnhSaSD1j

Score

7^/10

discovery evasion execution macos

Malware Config

Targets

- Target
  
  ZoomSetup.dmg
- Size
  
  852KB
- MD5
  
  f614a648405fe864ce06a0694816c1c4
- SHA1
  
  243c3ccd9cad406df6eecb12c25ce4c7ff2e11db
- SHA256
  
  09126e3f81d54c190114bc27d466c5b236f03b9fff7bcf0e6f11527c11f32822
- SHA512
  
  47d029082f2789314d8ebe2943a84cc0767c3459679cb566dd1fe10213390ad5d6b4fe4ff2aaee597577ad63c24b60d36e9573248813ba7cd492ec8eba90d225
- SSDEEP
  
  24576:qguDV6k3QjdypAyjQ1hyrAOkL7nBCCnhSaSD1j:qth6LjdypAys1hyrAOCBCCnhSaSD1j
Score

7^/10

discovery evasion execution
- Queries the macOS version information.
  An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
  discovery
- System Checks
  Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox.
  evasion
- File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.
  evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Resource Forking

Indicator Removal

File Deletion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexecution