dc073aca6b6e60137feae5ad99bf1b32f929f6ba9075f07647d943ab863ca8ff

Analysis

max time kernel
1787s
max time network
1788s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
17-08-2024 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Brave-Browser.dmg
Size

197.0MB
MD5

a07fd626083e467a4c3b3184eb2e3795
SHA1

18b473b8669eac97b0f2b356e62f6480be5f844e
SHA256

dc073aca6b6e60137feae5ad99bf1b32f929f6ba9075f07647d943ab863ca8ff
SHA512

4d776a5d60240a5fe1f8cff770496e035a67aa4a0913d647d0a4c20d9c81576a816e52b15a2c3a70a004cc115ca37011699a8bd41ca474289472f26042476c9d
SSDEEP

6291456:UThWXnzND9r7zK8SI/odj9z4dGu2rRZQpp1w0:UThWXHvK89gZzg2ZQpLw

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 3 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd	Process not Found
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd	Process not Found
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"open /Volumes/Brave\\ Browser/Brave\\ Browser.app\""
1⤵
PID:525

/bin/bash
sh -c "sudo /bin/zsh -c \"open /Volumes/Brave\\ Browser/Brave\\ Browser.app\""
1⤵
PID:525

/usr/bin/sudo
sudo /bin/zsh -c "open /Volumes/Brave\\ Browser/Brave\\ Browser.app"
1⤵
PID:525
- /bin/zsh
  /bin/zsh -c "open /Volumes/Brave\\ Browser/Brave\\ Browser.app"
  2⤵
  PID:526
- /usr/bin/open
  open "/Volumes/Brave Browser/Brave Browser.app"
  2⤵
  PID:526

/usr/libexec/xpcproxy
xpcproxy com.apple.installd
1⤵
PID:531

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
1⤵
PID:531

/usr/libexec/xpcproxy
xpcproxy com.apple.storedownloadd
1⤵
PID:532

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1⤵
PID:532

/usr/libexec/xpcproxy
xpcproxy com.brave.Browser.2320
1⤵
PID:534

/usr/libexec/xpcproxy
xpcproxy com.apple.system_installd
1⤵
PID:536

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
1⤵
PID:536

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 516
1⤵
PID:540

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:540

/Volumes/Brave Browser/Brave Browser.app/Contents/MacOS/Brave Browser
"/Volumes/Brave Browser/Brave Browser.app/Contents/MacOS/Brave Browser"
1⤵
PID:534

/usr/libexec/xpcproxy
xpcproxy com.apple.GameController.gamecontrollerd
1⤵
PID:554

/usr/libexec/gamecontrollerd
/usr/libexec/gamecontrollerd
1⤵
PID:554

/Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/chrome_crashpad_handler
"/Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/chrome_crashpad_handler" "--monitor-self-annotation=ptype=crashpad-handler" "--database=/Users/run/Library/Application Support/BraveSoftware/Brave-Browser/Crashpad" "--url=https://cr.brave.com" "--annotation=plat=OS X" "--annotation=prod=Brave_Mac" "--annotation=ver=127.1.68.141" "--handshake-fd=5"
1⤵
PID:0
- /usr/libexec/xpcproxy
  xpcproxy com.apple.spindump
  2⤵
  PID:558
- /usr/sbin/spindump
  /usr/sbin/spindump
  2⤵
  PID:558
- /usr/libexec/xpcproxy
  xpcproxy com.apple.spindump_agent
  2⤵
  PID:559
- /usr/libexec/spindump_agent
  /usr/libexec/spindump_agent
  2⤵
  PID:559
- /usr/bin/profiles
  /usr/bin/profiles status -type enrollment
  2⤵
  PID:560
- /Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/Brave Browser Helper (GPU).app/Contents/MacOS/Brave Browser Helper (GPU)
  "/Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/Brave Browser Helper (GPU).app/Contents/MacOS/Brave Browser Helper (GPU)" "--type=gpu-process" --start-stack-profiler "--gpu-preferences=WAAAAAAAAAAgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAcAAAAAAABoBwAAAAAAAHgCAABOAAAAcAIAAAAAAAB4AgAAAAAAAIACAAAAAAAAiAIAAAAAAACQAgAAAAAAAJgCAAAAAAAAoAIAAAAAAACoAgAAAAAAALACAAAAAAAAuAIAAAAAAADAAgAAAAAAAMgCAAAAAAAA0AIAAAAAAADYAgAAAAAAAOACAAAAAAAA6AIAAAAAAADwAgAAAAAAAPgCAAAAAAAAAAMAAAAAAAAIAwAAAAAAABADAAAAAAAAGAMAAAAAAAAgAwAAAAAAACgDAAAAAAAAMAMAAAAAAAA4AwAAAAAAAEADAAAAAAAASAMAAAAAAABQAwAAAAAAAFgDAAAAAAAAYAMAAAAAAABoAwAAAAAAAHADAAAAAAAAeAMAAAAAAACAAwAAAAAAAIgDAAAAAAAAkAMAAAAAAACYAwAAAAAAAKADAAAAAAAAqAMAAAAAAACwAwAAAAAAALgDAAAAAAAAwAMAAAAAAADIAwAAAAAAANADAAAAAAAA2AMAAAAAAADgAwAAAAAAAOgDAAAAAAAA8AMAAAAAAAD4AwAAAAAAAAAEAAAAAAAACAQAAAAAAAAQBAAAAAAAABgEAAAAAAAAIAQAAAAAAAAoBAAAAAAAADAEAAAAAAAAOAQAAAAAAABABAAAAAAAAEgEAAAAAAAAUAQAAAAAAABYBAAAAAAAAGAEAAAAAAAAaAQAAAAAAABwBAAAAAAAAHgEAAAAAAAAgAQAAAAAAACIBAAAAAAAAJAEAAAAAAAAmAQAAAAAAACgBAAAAAAAAKgEAAAAAAAAsAQAAAAAAAC4BAAAAAAAAMAEAAAAAAAAyAQAAAAAAADQBAAAAAAAANgEAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAEAAAAQAAAAAAAAAAAAAAACAAAAEAAAAAAAAAAAAAAAAwAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAAAAAAAEAAAABAAAAAAAAAAAQAAAAAAAAAQAAAAAAAAAAEAAAABAAAAEAAAAAAAAAABAAAAAgAAABAAAAAAAAAAAQAAAAMAAAAQAAAAAAAAAAEAAAAGAAAAEAAAAAAAAAABAAAABwAAABAAAAAAAAAAAQAAAAgAAAAQAAAAAAAAAAEAAAAJAAAAEAAAAAAAAAABAAAACwAAABAAAAAAAAAAAQAAAAwAAAAQAAAAAAAAAAEAAAAOAAAAEAAAAAAAAAABAAAADwAAABAAAAAAAAAAAQAAABAAAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAAAQAAABAAAAAAAAAABAAAAAIAAAAQAAAAAAAAAAQAAAADAAAAEAAAAAAAAAAEAAAABgAAABAAAAAAAAAABAAAAAcAAAAQAAAAAAAAAAQAAAAIAAAAEAAAAAAAAAAEAAAACQAAABAAAAAAAAAABAAAAAsAAAAQAAAAAAAAAAQAAAAMAAAAEAAAAAAAAAAEAAAADgAAABAAAAAAAAAABAAAAA8AAAAQAAAAAAAAAAQAAAAQAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAEAAAAQAAAAAAAAAAgAAAACAAAAEAAAAAAAAAAIAAAAAwAAABAAAAAAAAAACAAAAAYAAAAQAAAAAAAAAAgAAAAHAAAAEAAAAAAAAAAIAAAACAAAABAAAAAAAAAACAAAAAkAAAAQAAAAAAAAAAgAAAALAAAAEAAAAAAAAAAIAAAADAAAABAAAAAAAAAACAAAAA4AAAAQAAAAAAAAAAgAAAAPAAAAEAAAAAAAAAAIAAAAEAAAABAAAAAAAAAACQAAAAAAAAAQAAAAAAAAAAkAAAABAAAAEAAAAAAAAAAJAAAAAgAAABAAAAAAAAAACQAAAAMAAAAQAAAAAAAAAAkAAAAGAAAAEAAAAAAAAAAJAAAABwAAABAAAAAAAAAACQAAAAgAAAAQAAAAAAAAAAkAAAAJAAAAEAAAAAAAAAAJAAAACwAAABAAAAAAAAAACQAAAAwAAAAQAAAAAAAAAAkAAAAOAAAAEAAAAAAAAAAJAAAADwAAABAAAAAAAAAACQAAABAAAAAQAAAAAAAAAAsAAAAAAAAAEAAAAAAAAAALAAAAAQAAABAAAAAAAAAACwAAAAIAAAAQAAAAAAAAAAsAAAADAAAAEAAAAAAAAAALAAAABgAAABAAAAAAAAAACwAAAAcAAAAQAAAAAAAAAAsAAAAIAAAAEAAAAAAAAAALAAAACQAAABAAAAAAAAAACwAAAAsAAAAQAAAAAAAAAAsAAAAMAAAAEAAAAAAAAAALAAAADgAAABAAAAAAAAAACwAAAA8AAAAQAAAAAAAAAAsAAAAQAAAACAAAAAAAAAAIAAAAAAAAAA==" --shared-files "--field-trial-handle=1718379636,r,8790307954470225639,12491286767437843407,262144" --variations-seed-version "--seatbelt-client=27"
  2⤵
  PID:563
- /Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/Brave Browser Helper.app/Contents/MacOS/Brave Browser Helper
  "/Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/Brave Browser Helper.app/Contents/MacOS/Brave Browser Helper" "--type=utility" "--utility-sub-type=network.mojom.NetworkService" "--lang=en-GB" "--service-sandbox-type=network" --start-stack-profiler --shared-files "--field-trial-handle=1718379636,r,8790307954470225639,12491286767437843407,262144" --variations-seed-version "--seatbelt-client=28"
  2⤵
  PID:565
- /Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/Brave Browser Helper.app/Contents/MacOS/Brave Browser Helper
  "/Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/Brave Browser Helper.app/Contents/MacOS/Brave Browser Helper" "--type=utility" "--utility-sub-type=storage.mojom.StorageService" "--lang=en-GB" "--service-sandbox-type=service" --shared-files "--field-trial-handle=1718379636,r,8790307954470225639,12491286767437843407,262144" --variations-seed-version "--seatbelt-client=37"
  2⤵
  PID:572
- /Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/Brave Browser Helper (Alerts).app/Contents/MacOS/Brave Browser Helper (Alerts)
  "/Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/Brave Browser Helper (Alerts).app/Contents/MacOS/Brave Browser Helper (Alerts)" "--type=utility" "--utility-sub-type=mac_notifications.mojom.MacNotificationProvider" "--lang=en-GB" "--service-sandbox-type=none" --message-loop-type-ui --shared-files "--field-trial-handle=1718379636,r,8790307954470225639,12491286767437843407,262144" --variations-seed-version
  2⤵
  PID:588
- /Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/Brave Browser Helper (Renderer).app/Contents/MacOS/Brave Browser Helper (Renderer)
  "/Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/Brave Browser Helper (Renderer).app/Contents/MacOS/Brave Browser Helper (Renderer)" "--type=renderer" --enable-distillability-service "--origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU=" "--brave_session_token=14796523111076753315" "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=8" "--time-ticks-at-unix-epoch=-1723901120578175" "--launch-time-ticks=1794197593" --shared-files "--field-trial-handle=1718379636,r,8790307954470225639,12491286767437843407,262144" --variations-seed-version "--seatbelt-client=87"
  2⤵
  PID:596
- /Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/Brave Browser Helper (Renderer).app/Contents/MacOS/Brave Browser Helper (Renderer)
  "/Volumes/Brave Browser/Brave Browser.app/Contents/Frameworks/Brave Browser Framework.framework/Versions/127.1.68.141/Helpers/Brave Browser Helper (Renderer).app/Contents/MacOS/Brave Browser Helper (Renderer)" "--type=renderer" --enable-distillability-service "--origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU=" "--brave_session_token=14796523111076753315" "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=7" "--time-ticks-at-unix-epoch=-1723901120578175" "--launch-time-ticks=1817451371" --shared-files "--field-trial-handle=1718379636,r,8790307954470225639,12491286767437843407,262144" --variations-seed-version "--seatbelt-client=87"
  2⤵
  PID:597

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Application Support/BraveSoftware/Brave-Browser/Crashpad/settings.dat

Filesize
40B

MD5
f679e40dd7d4d2d4c943552c0edc5d23

SHA1
0e7c39af423050292e68be59a698df9a1b919a4d

SHA256
a099e37dd9acff4c4f68cf2f7a3556528144e31cccda0817a8b8a0a274efdbac

SHA512
6e7d070805510230b5d20fc4d5051cb80419d673fbde440027d6161cb5f4cf8011c0bdfd186b694f88b0153403a143922e1951d986c9ce5558d03ee8222968b0

Download Submit
/Users/run/Library/Application Support/BraveSoftware/Brave-Browser/Default/Sync Data/LevelDB/CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/Users/run/Library/Application Support/BraveSoftware/Brave-Browser/Default/Sync Data/LevelDB/MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
d7e5340bb2628f1d2277a274fa344847

SHA1
589568f12ff9a1b9a65d83cd9bdb9ea422918776

SHA256
c80e16b4dd99b40b31d198810caf9c1ae924feb2dbfb5959990c619b1887ddbf

SHA512
8de2e3ffcd29b89fe2f19c5469dea61a882feb1205ec14197ef10ab26dde7779f3fc8944123e4c9b789606bcb325cec1027dadda2ec654cf78e98e525b89ee80

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit