6592188091d1ffbae3e0140b4cb7d95f18bddc18eae9ecde8b6a80416b41b935

Analysis

max time kernel
306s
max time network
510s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
09/08/2024, 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

288KB
MD5

2589da59ab2bab2194dd0ff9d9f927d8
SHA1

eb875d5a179ad0b5f21a1e5a4d92c361654a8b40
SHA256

6592188091d1ffbae3e0140b4cb7d95f18bddc18eae9ecde8b6a80416b41b935
SHA512

d4622714fa21e89bf4e2966f0b6bbf8f0ce7e68ec9728d98c972394edc297e1a1e924f3b85573e9fa28e85b69a2239de44c3dc2fda1c9794834f18db5a868b42
SSDEEP

1536:olOPHHchPKdblDvU6DUcIzkb6q4Wg9dSHqdP9kn1ZIqe2w5y8YQgqeiCVKOMOmw8:o08hPSvUh/SkLR4Q2w08YQPbCVKOkdL

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 2 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck	Process not Found
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/.html\""
1⤵
PID:481

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/.html\""
1⤵
PID:481

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/.html
1⤵
PID:481
- /bin/zsh
  /bin/zsh -c /Users/run/.html
  2⤵
  PID:482
- /Users/run/.html
  /Users/run/.html
  2⤵
  PID:482
- /bin/sh
  sh /Users/run/.html
  2⤵
  PID:482
- /bin/bash
  sh /Users/run/.html
  2⤵
  PID:482

/usr/libexec/pkreporter
/usr/libexec/pkreporter
1⤵
PID:473

/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
1⤵
PID:470

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
1⤵
PID:477

/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"
1⤵
PID:468

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
1⤵
PID:476

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:515

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:516

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:520

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...