174cffb8ff16f597f183e8be22d8ec7f908174853ad7a858fe1f2bd447c36057

Analysis

max time kernel
143s
max time network
271s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
15/07/2024, 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/renderer/main_window/index.js
Size

1.2MB
MD5

b68881d734c5d7b77a5e3fefe86a3b0a
SHA1

c47e57f033ef27f827274eb82fee07c3242b1590
SHA256

94f1b4b8e29b052fbf6cd0c35318aa543fe4a8d1d1efdf0fa545fe18c5af7b73
SHA512

cc5eac2c9a77c77fa1a5c40677196977b085beb81d320b6f14bf3e8c4f5431a3f770766e210a4a456294cd36a7af1b13a82987a9f5e02229087c6d11c00f6053
SSDEEP

12288:hkLgYSx7bLtRUO0B0AooIPvvrBIJWjG8Uj+elP3sQ5SRV:hQY7bpbthrioi8UjTtcwSRV

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 4 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/renderer/main_window/index.js	Process not Found
sh -c "sudo /bin/zsh -c \"/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/renderer/main_window/index.js\""	Process not Found
sudo /bin/zsh -c "/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/renderer/main_window/index.js"	Process not Found
/bin/zsh -c "/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/renderer/main_window/index.js"	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/renderer/main_window/index.js\""
1⤵
PID:477

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/renderer/main_window/index.js\""
1⤵
PID:477

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/renderer/main_window/index.js"
1⤵
PID:477
- /bin/zsh
  /bin/zsh -c "/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/renderer/main_window/index.js"
  2⤵
  PID:478
- /Users/run/iconik
  /Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/renderer/main_window/index.js
  2⤵
  PID:478

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...