174cffb8ff16f597f183e8be22d8ec7f908174853ad7a858fe1f2bd447c36057

Analysis

max time kernel
199s
max time network
303s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
15/07/2024, 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/main/314.index.js
Size

301KB
MD5

6c16279527f0a8b95c3d28c2d6780569
SHA1

53042b5cd6e77d83b61886c8b4dfa9290fa4a555
SHA256

b632ceb0570c2195803181c9363e5eb0da3e1dab709de93da183c55aa6204e7d
SHA512

9755ba15e8f6fc1a7853622f43d96872ccd42797c2fc5554b94eb6df5a33f4df59f54741a8d9ff7b389b4edbbc1003742034d22c8f6a06ba720ec57c05f1df2d
SSDEEP

1536:O4ZhbI4TlQ8g2GrPWJNM+lpLSwtAGf1CfKI9jT+Ul/xrZbkxLRIFeB2OMIrfA64m:OkbI4Xg96E+lUw9f1etAN8rl39M

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 4 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
sudo /bin/zsh -c "/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/main/314.index.js"	Process not Found
/bin/zsh -c "/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/main/314.index.js"	Process not Found
/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/main/314.index.js	Process not Found
sh -c "sudo /bin/zsh -c \"/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/main/314.index.js\""	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/main/314.index.js\""
1⤵
PID:492

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/main/314.index.js\""
1⤵
PID:492

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/main/314.index.js"
1⤵
PID:492
- /bin/zsh
  /bin/zsh -c "/Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/main/314.index.js"
  2⤵
  PID:499
- /Users/run/iconik
  /Users/run/iconik Agent/iconik Agent.app/Contents/Resources/app/.webpack/main/314.index.js
  2⤵
  PID:499

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:509

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:509

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...