0ed3b73b3f8c77361ee617af553f2b88aa283317d0feae66ae0f7e1ab96a7d99

Resubmissions

03-08-2024 13:31

240803-qsqyravbjq 3

03-08-2024 13:26

240803-qptv8svajm 10

Analysis

max time kernel
100s
max time network
152s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
03-08-2024 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bongo cat.exe
Size

301KB
MD5

b7067283b321191d6555082653665175
SHA1

175641d8558ff5fdcfe5d410008fca5140f17c53
SHA256

0ed3b73b3f8c77361ee617af553f2b88aa283317d0feae66ae0f7e1ab96a7d99
SHA512

d97871b41b3953b5e99d78351be17b0805add38c0abbff9cdab4c88c2b5dd1df2067cae6485197990afff1ef7d50e12b70d93d106e1064efe9d8b73b03f9eaed
SSDEEP

6144:peKoCiE/DFRaY4kdNQRhUUKtJ9Xzp+4wR4T+Ue6PPxBFO1:peKoC5/D3aidPHJDhw4+Ue6P

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 2 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

Processes:

ioc	process
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/bongo cat.exe\""
1⤵
PID:483

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/bongo cat.exe\""
1⤵
PID:483

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/bongo cat.exe"
1⤵
PID:483

/bin/zsh
/bin/zsh -c "/Users/run/bongo cat.exe"
2⤵
PID:485

/Users/run/bongo
/Users/run/bongo cat.exe
2⤵
PID:485

/usr/libexec/pkreporter
/usr/libexec/pkreporter
1⤵
PID:471

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
1⤵
PID:477

/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
1⤵
PID:468

/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"
1⤵
PID:481

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
1⤵
PID:474

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:521

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:522

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:523

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:523

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads