Analysis
-
max time kernel
39s -
max time network
52s -
platform
macos-10.15_amd64 -
resource
macos-20240611-en -
resource tags
arch:amd64 arch:i386 image:macos-20240611-en kernel:19b77a locale:en-us os:macos-10.15-amd64 system -
submitted
19-06-2024 11:22
Behavioral task
behavioral1
Sample
AudioSlicer-1.1.1.dmg
Resource
macos-20240611-en
Behavioral task
behavioral2
Sample
AudioSlicer-1.1.1/AudioSlicer.app/Contents/MacOS/AudioSlicer
Resource
macos-20240611-en
Behavioral task
behavioral3
Sample
AudioSlicer-1.1.1/AudioSlicer.app/Contents/Resources/AudioSlicer_User_Guide.pdf
Resource
macos-20240611-en
Behavioral task
behavioral4
Sample
AudioSlicer-1.1.1/AudioSlicer.app/Contents/Resources/English.lproj/Credits.rtf
Resource
macos-20240611-en
General
-
Target
AudioSlicer-1.1.1.dmg
-
Size
938KB
-
MD5
496cc2994ab31e703ceeff2083aa9b7b
-
SHA1
432248b967d7e08ca9faf07cf98b0aaf7376600c
-
SHA256
c0ef4d9b1690943def00ce4c7bb2838ff08cfe0d3ff85d39ca1e4ddc97593d01
-
SHA512
f359245a9f28995b7e4476368b4217bd9a322e74e11a2ef0999231388dcabe038d7a75a46d04c35136a8312d22cd3894ed4408f5f8d13257dd62e01d9c997bbc
-
SSDEEP
24576:OG3zz9sty+Fb+Dqyg///1HXIY0in4AGCe5tzT:Own2y+pmHg3/GtinfS
Malware Config
Signatures
-
Resource Forking 1 TTPs 1 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
Processes:
ioc process /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
Processes
- /bin/sh (1⤵ PID:546)
  sh -c "sudo /bin/zsh -c \"open /Volumes/AudioSlicer-1.1.1/AudioSlicer.app\""
- /bin/bash (1⤵ PID:546)
  sh -c "sudo /bin/zsh -c \"open /Volumes/AudioSlicer-1.1.1/AudioSlicer.app\""
- /usr/bin/sudo (1⤵ PID:546)
  sudo /bin/zsh -c "open /Volumes/AudioSlicer-1.1.1/AudioSlicer.app"
- /bin/zsh (2⤵ PID:547)
  /bin/zsh -c "open /Volumes/AudioSlicer-1.1.1/AudioSlicer.app"
- /usr/bin/open (2⤵ PID:547)
  open /Volumes/AudioSlicer-1.1.1/AudioSlicer.app
- /usr/libexec/xpcproxy (1⤵ PID:548)
  xpcproxy com.apple.nehelper
- /usr/libexec/nehelper (1⤵ PID:548)
  /usr/libexec/nehelper
- /usr/libexec/xpcproxy (1⤵ PID:553)
  xpcproxy com.apple.quicklook.satellite.88DC986C-A3E8-4BC9-86F6-B0EEFB1E33EB 551
- /System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite (1⤵ PID:553)
  /System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
- /usr/libexec/xpcproxy (1⤵ PID:555)
  xpcproxy com.apple.bird
- /System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird (1⤵ PID:555)
  /System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
- /usr/libexec/xpcproxy (1⤵ PID:557)
  xpcproxy com.apple.pbs
- /usr/libexec/xpcproxy (1⤵ PID:558)
  xpcproxy com.apple.quicklook.ui.helper
- /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper (1⤵ PID:558)
  /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
- /usr/libexec/xpcproxy (1⤵ PID:559)
  xpcproxy com.apple.TextEdit.2092
- /System/Applications/TextEdit.app/Contents/MacOS/TextEdit (1⤵ PID:559)
  /System/Applications/TextEdit.app/Contents/MacOS/TextEdit
- /usr/libexec/xpcproxy (1⤵ PID:560)
  xpcproxy com.apple.metadata.mdwrite
- /System/Library/CoreServices/pbs (1⤵ PID:557)
  /System/Library/CoreServices/pbs
- /usr/libexec/xpcproxy (1⤵ PID:570)
  xpcproxy com.apple.audio.systemsoundserverd
- /usr/sbin/systemsoundserverd (1⤵ PID:570)
  /usr/sbin/systemsoundserverd
Network
MITRE ATT&CK Enterprise v15
Downloads