bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

Analysis

max time kernel
53s
max time network
57s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
08-08-2024 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

face reveal!!!!.zip
Size

41KB
MD5

1df9a18b18332f153918030b7b516615
SHA1

6c42c62696616b72bbfc88a4be4ead57aa7bc503
SHA256

bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
SHA512

6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
SSDEEP

768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score

4^/10

evasion execution

Malware Config

Signatures

JavaScript 1 TTPs 1 IoCs

Adversaries may abuse various implementations of JavaScript for execution.

execution

JavaScript

T1059.007

ioc	Process
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" -jar /Users/run/tmp/hello.jar	Process not Found

Resource Forking 1 TTPs 1 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/face reveal!!!!.zip\""
1⤵
PID:484

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/face reveal!!!!.zip\""
1⤵
PID:484

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/face reveal!!!!.zip"
1⤵
PID:484
- /bin/zsh
  /bin/zsh -c "/Users/run/face reveal!!!!.zip"
  2⤵
  PID:485
- /Users/run/face
  /Users/run/face "reveal!!!!.zip"
  2⤵
  PID:485

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.ui.helper
1⤵
PID:523

/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
1⤵
PID:523

/usr/libexec/xpcproxy
xpcproxy com.apple.JarLauncher.2128
1⤵
PID:524

/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher
"/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher"
1⤵
PID:524
- /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
  "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" -jar /Users/run/tmp/hello.jar
  2⤵
  PID:526

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:525

/usr/libexec/xpcproxy
xpcproxy "com.apple.xpc.launchd.oneshot.0x10000001.Microsoft Word"
1⤵
PID:527

/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word
"/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word" -psn_0_159783
1⤵
PID:527

/usr/libexec/xpcproxy
xpcproxy com.apple.XprotectFramework.AnalysisService 510
1⤵
PID:532

/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
1⤵
PID:532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads