174cffb8ff16f597f183e8be22d8ec7f908174853ad7a858fe1f2bd447c36057

Analysis

max time kernel
231s
max time network
270s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
15-07-2024 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iconik Agent-24.6.0-x64.dmg
Size

102.7MB
MD5

58c6a62a93e7ec62706de649a1c7c61b
SHA1

77cc273ab11b11a64552e441fe242ffe369523d1
SHA256

174cffb8ff16f597f183e8be22d8ec7f908174853ad7a858fe1f2bd447c36057
SHA512

37a2f38585c1e8da22c6a4dfc91d7cb8069b3d1dd21d11103729f0c4f42b9ea344033270988b4b4c32788e66d068a668fe46ac4ee99cbf86c145bb349d582fb0
SSDEEP

3145728:vpO4skv6ZPUSUMO3UtGmYTQthe1AbUDPzt4o8Dfybu:vpOdQ6+SHO3UtxDeIU/Oo8

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 4 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper	Process not Found
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd	Process not Found
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd	Process not Found
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"open /Volumes/iconik\\ Agent/iconik\\ Agent.app\""
1⤵
PID:530

/bin/bash
sh -c "sudo /bin/zsh -c \"open /Volumes/iconik\\ Agent/iconik\\ Agent.app\""
1⤵
PID:530

/usr/bin/sudo
sudo /bin/zsh -c "open /Volumes/iconik\\ Agent/iconik\\ Agent.app"
1⤵
PID:530
- /bin/zsh
  /bin/zsh -c "open /Volumes/iconik\\ Agent/iconik\\ Agent.app"
  2⤵
  PID:532
- /usr/bin/open
  open "/Volumes/iconik Agent/iconik Agent.app"
  2⤵
  PID:532

/usr/libexec/xpcproxy
xpcproxy io.iconik.desktopagent.2328
1⤵
PID:533

/Volumes/iconik Agent/iconik Agent.app/Contents/MacOS/iconikAgent
"/Volumes/iconik Agent/iconik Agent.app/Contents/MacOS/iconikAgent"
1⤵
PID:533

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:539

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:539

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:540

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:540

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:541

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:541

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:542

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:543

/usr/libexec/xpcproxy
xpcproxy com.apple.GameController.gamecontrollerd
1⤵
PID:544

/usr/libexec/gamecontrollerd
/usr/libexec/gamecontrollerd
1⤵
PID:544

/usr/libexec/xpcproxy
xpcproxy com.apple.DesktopServicesHelper.E5A98304-ACDF-4CBD-AB2A-7992A985ABB3
1⤵
PID:546

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
1⤵
PID:546

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:551

/usr/libexec/xpcproxy
xpcproxy com.apple.system_installd
1⤵
PID:553

/usr/libexec/xpcproxy
xpcproxy com.apple.storedownloadd
1⤵
PID:555

/usr/libexec/xpcproxy
xpcproxy com.apple.installd
1⤵
PID:556

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
1⤵
PID:553

/usr/libexec/xpcproxy
xpcproxy com.apple.replayd
1⤵
PID:557

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
1⤵
PID:556

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1⤵
PID:555

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:551

/usr/libexec/replayd
/usr/libexec/replayd
1⤵
PID:557

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 547
1⤵
PID:562

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:562

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 547
1⤵
PID:569

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:569

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads