e40bc23c2b2a89841013ad9e014c2447f1511f78b282dff5ae4eeea5d0debf23

Analysis

max time kernel
105s
max time network
143s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
02/08/2024, 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxPlayerInstaller/RobloxPlayerInstaller.app/Contents/Resources/RobloxPlayerInstaller.scpt
Size

2KB
MD5

aff1f1be655a1623a9a417eb22c2fe86
SHA1

509c638a2c505fdc7e21e7519a4678fbaef27e34
SHA256

cd0e9941b7a582bd4b92b4fd846b89d5371d75d90e8bbdb46a83573973acf4ca
SHA512

b944f5305f1a4af1a9f7f1783347f8ab30c051d2c1766c9347877fa5dfcc2e39ee67341be55e2cfe263d0aadd096e2382204726c4ae8bc57de8e77959131ce71

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 4 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
sh -c "sudo /bin/zsh -c \"osascript /Users/run/RobloxPlayerInstaller/RobloxPlayerInstaller.app/Contents/Resources/RobloxPlayerInstaller.scpt\""	Process not Found
sudo /bin/zsh -c "osascript /Users/run/RobloxPlayerInstaller/RobloxPlayerInstaller.app/Contents/Resources/RobloxPlayerInstaller.scpt"	Process not Found
/bin/zsh -c "osascript /Users/run/RobloxPlayerInstaller/RobloxPlayerInstaller.app/Contents/Resources/RobloxPlayerInstaller.scpt"	Process not Found
osascript /Users/run/RobloxPlayerInstaller/RobloxPlayerInstaller.app/Contents/Resources/RobloxPlayerInstaller.scpt	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"osascript /Users/run/RobloxPlayerInstaller/RobloxPlayerInstaller.app/Contents/Resources/RobloxPlayerInstaller.scpt\""
1⤵
PID:483

/bin/bash
sh -c "sudo /bin/zsh -c \"osascript /Users/run/RobloxPlayerInstaller/RobloxPlayerInstaller.app/Contents/Resources/RobloxPlayerInstaller.scpt\""
1⤵
PID:483

/usr/bin/sudo
sudo /bin/zsh -c "osascript /Users/run/RobloxPlayerInstaller/RobloxPlayerInstaller.app/Contents/Resources/RobloxPlayerInstaller.scpt"
1⤵
PID:483
- /bin/zsh
  /bin/zsh -c "osascript /Users/run/RobloxPlayerInstaller/RobloxPlayerInstaller.app/Contents/Resources/RobloxPlayerInstaller.scpt"
  2⤵
  PID:484
- /usr/bin/osascript
  osascript /Users/run/RobloxPlayerInstaller/RobloxPlayerInstaller.app/Contents/Resources/RobloxPlayerInstaller.scpt
  2⤵
  PID:484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads