32993b492aab45adf54272f9dbe76ad61ea44dfc7ce9293ebdb902d95f878df3 | Triage

Analysis

max time kernel
359s
max time network
386s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
08/08/2024, 17:24

Sharing

Report Analysis Logs

General

Target

trigger.js
Size

18B
MD5

bba5cbd0d5ef512e1dcc28380d368c8c
SHA1

89144aeb4bcf30fd6194508f8bac8f5cb066a18a
SHA256

32993b492aab45adf54272f9dbe76ad61ea44dfc7ce9293ebdb902d95f878df3
SHA512

e2f22349dea33b2450df7d52f38ce9146216c773a3cd81ba611681400213d80f735c7d545987e1b4e935ecdd2a2105b81ae9e7f9607a763f545139e03066c607

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/trigger.js\""
1⤵
PID:477

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/trigger.js\""
1⤵
PID:477

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/trigger.js
1⤵
PID:477
- /bin/zsh
  /bin/zsh -c /Users/run/trigger.js
  2⤵
  PID:480
- /Users/run/trigger.js
  /Users/run/trigger.js
  2⤵
  PID:480
- /bin/sh
  sh /Users/run/trigger.js
  2⤵
  PID:480
- /bin/bash
  sh /Users/run/trigger.js
  2⤵
  PID:480

/usr/libexec/xpcproxy
xpcproxy com.apple.newsyslog
1⤵
PID:530

/usr/sbin/newsyslog
/usr/sbin/newsyslog
1⤵
PID:530

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads