91312ac2c8fa00d56b7ce9839f8a2934620f69ef6043a0c177c810870d6edd92

Resubmissions

03-08-2024 03:16

240803-dse52awejb 10

03-08-2024 03:15

03-08-2024 03:15

03-08-2024 03:14

03-08-2024 03:14

03-08-2024 03:12

03-08-2024 03:08

03-08-2024 03:07

Analysis

max time kernel
318s
max time network
260s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
03-08-2024 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rBlbqI2.exe
Size

291KB
MD5

2fec9bf50de5395f799b23a1099b10d6
SHA1

6000969e75d7d7a3fa1b908bdb9d5daeb5f2534e
SHA256

df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763
SHA512

5f6885fb1940ee4f84507e2b7929f637d8f264a5c77329aeae31803b772608ea93370177017f90f6f8d8bc9e0b30eb8607ed120d4ead68104fd70feec71a9ab8
SSDEEP

6144:pdSK04ETTZ+4TBpvjLCnVlBpevKBauJirVuD05VSKJ:poL4EnU4T/vjLeVlayRihuA5D

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/rBlbqI2.exe\""
1⤵
PID:485

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/rBlbqI2.exe\""
1⤵
PID:485

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/rBlbqI2.exe
1⤵
PID:485
- /bin/zsh
  /bin/zsh -c /Users/run/rBlbqI2.exe
  2⤵
  PID:487
- /Users/run/rBlbqI2.exe
  /Users/run/rBlbqI2.exe
  2⤵
  PID:487

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:513

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:513

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:515

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:515

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:516

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:516

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.29EF35D8-EB99-4AFB-80BA-4220688D5EDD 515
1⤵
PID:517

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:517

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:522

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:522

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.D714CFDC-66EE-4912-B96F-86133858F679 515
1⤵
PID:523

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:523

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SearchHelper 515
1⤵
PID:524

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
1⤵
PID:524

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:525

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:525

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.1DFF1BAB-346C-4D89-8DBB-76ABFDB72BEA 515
1⤵
PID:526

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:526

/usr/libexec/xpcproxy
xpcproxy com.apple.FaceTime.1860
1⤵
PID:541

/System/Applications/FaceTime.app/Contents/MacOS/FaceTime
/System/Applications/FaceTime.app/Contents/MacOS/FaceTime
1⤵
PID:541

/usr/libexec/xpcproxy
xpcproxy com.apple.videoconference.camera
1⤵
PID:542

/usr/libexec/avconferenced
/usr/libexec/avconferenced
1⤵
PID:542

/usr/libexec/xpcproxy
xpcproxy com.apple.FaceTime.FaceTimeNotificationCenterService 541
1⤵
PID:543

/System/Applications/FaceTime.app/Contents/XPCServices/FaceTimeNotificationCenterService.xpc/Contents/MacOS/FaceTimeNotificationCenterService
/System/Applications/FaceTime.app/Contents/XPCServices/FaceTimeNotificationCenterService.xpc/Contents/MacOS/FaceTimeNotificationCenterService
1⤵
PID:543

/usr/libexec/xpcproxy
xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 541
1⤵
PID:544

/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
1⤵
PID:544

/usr/libexec/xpcproxy
xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 542
1⤵
PID:545

/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
1⤵
PID:545

/usr/libexec/xpcproxy
xpcproxy com.apple.Photos.1876
1⤵
PID:546

/System/Applications/Photos.app/Contents/MacOS/Photos
/System/Applications/Photos.app/Contents/MacOS/Photos
1⤵
PID:546

/usr/libexec/xpcproxy
xpcproxy com.apple.colorsync.useragent
1⤵
PID:547

/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent
/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent
1⤵
PID:547

/usr/libexec/xpcproxy
xpcproxy com.apple.var-db-dslocal-backup
1⤵
PID:560

/usr/bin/xar
/usr/bin/xar -c -f dslocal-backup.xar dslocal
1⤵
PID:560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Safari/Favicon Cache/favicons/2529545429CE075A4E64DE7DAA3D4C27

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

Filesize
215KB

MD5
5c053b346aa88616d1b7d00c1dedc69b

SHA1
d5c7a1fb90bb9deb0335b38f5d1832a5e5255b6a

SHA256
b24ba945052a8d87592c4acfe0dd9230219c29d74470f728c7ea785728dfaa41

SHA512
d90111aeab998bbfb48f794d68fdd2af580a909968fd8b804d5e5e8bfb72f24b24febf4665ddc68122d5dea229a07dcfb359eb2e8afb0bf6ca24f3e8f1c89b69

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

Filesize
21.9MB

MD5
925a55572b6f3bbaf3ab0249b2b95f1e

SHA1
f8015c5e732765d8bd0e2f42cef66d439eac1845

SHA256
6ec5f8369541f0280d9be8186a439d8867fa60e7b7dc6bc9fbd889d5a74626e8

SHA512
66aa4ff9e9c81ea24f587f891a5a83f9e91500c2ce48078b2ef35f87ec0b5e160ad725faf41709b1eb17e89088c1cc5a2cc1144345e7bf8d16d19d0e5c23bcd8

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

Filesize
131KB

MD5
943de516de325531b1471901f210afab

SHA1
1c3aafca27d48afe7739f5b1ad7dad8ae0e5b8b7

SHA256
539f765428db522ee9d0ef2baa794fac8de34bee15b4eb4b50285364cc1002cd

SHA512
74942a4259e62f9cfa5f18ce3a366a3f53113fdeb1b8e26cf9075a939e8038c9776df537efa0b2f0aed08eb802383a5094ab8bac650659df859bae60369b6de5

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.colorsync.profiles.502

Filesize
21KB

MD5
1f8f4a587e2306e5f55d10a788b6c2af

SHA1
60fb84e53021bd93a0c357f840b65109513d4a80

SHA256
d941861804da4a5eff4dbeb666345272c6619075be449fb7097b31abf1d5bcf4

SHA512
45523e8404728d30f2f9e54ec0df9d81d9942f1a32ffa4d8e296a62f4c9445f7ccc6957d6e67a5d3518926f2fadf9d3a962acf46b6487f3e05a906f68c84453d

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads