Analysis

  • max time kernel
    77s
  • max time network
    158s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240711.1-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20240711.1-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    08/08/2024, 03:56

General

  • Target

    resources/app.asar.unpacked/node_modules/node-notifier/vendor/mac.noindex/terminal-notifier.app/Contents/MacOS/terminal-notifier

  • Size

    85KB

  • MD5

    ade5227f13963b5bb72b47f0ad410819

  • SHA1

    24d1a22cbd8b026c35b29f1981f4d9fdff08af37

  • SHA256

    2588f4ae2118396419767c388cf2b0a9a5e0cb53ce5d05a07c00f68a97a50215

  • SHA512

    ee702782dbd44682f0c9234fbd2d256b14ee70f349186f37e025bdac20ec5b10d515e9d91e6b54a5df7ee7312f2faf4d299e1ba1e03419cfa52585f2c1195fb6

  • SSDEEP

    1536:nTAF22YtIwY0lROGiPcKXXXKV2Qaf5dC1:nTvtIWROJPvXKv

Score
4/10

Malware Config

Signatures

  • Resource Forking 1 TTPs 4 IoCs

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/resources/app.asar.unpacked/node_modules/node-notifier/vendor/mac.noindex/terminal-notifier.app/Contents/MacOS/terminal-notifier\""
    PID:514
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/resources/app.asar.unpacked/node_modules/node-notifier/vendor/mac.noindex/terminal-notifier.app/Contents/MacOS/terminal-notifier\""
    PID:514
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/resources/app.asar.unpacked/node_modules/node-notifier/vendor/mac.noindex/terminal-notifier.app/Contents/MacOS/terminal-notifier
    PID:514
    • /bin/zsh
      /bin/zsh -c /Users/run/resources/app.asar.unpacked/node_modules/node-notifier/vendor/mac.noindex/terminal-notifier.app/Contents/MacOS/terminal-notifier
      PID:515
    • /Users/run/resources/app.asar.unpacked/node_modules/node-notifier/vendor/mac.noindex/terminal-notifier.app/Contents/MacOS/terminal-notifier
      /Users/run/resources/app.asar.unpacked/node_modules/node-notifier/vendor/mac.noindex/terminal-notifier.app/Contents/MacOS/terminal-notifier
      PID:515
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.ViewBridgeAuxiliary
    PID:516
  • /System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
    /System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
    PID:516
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.sysmond
    PID:519
  • /usr/libexec/sysmond
    /usr/libexec/sysmond
    PID:519
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.audio.AudioComponentRegistrar
    PID:520
  • /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
    /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
    PID:520
  • /bin/launchctl
    /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
    PID:534
  • /bin/launchctl
    /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
    PID:535
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
    PID:540
  • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
    /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
    PID:540

Network

MITRE ATT&CK Enterprise v15
