Resubmissions
22-08-2024 14:53
240822-r9gxvavhpn 322-08-2024 14:49
240822-r631xasfrh 522-08-2024 14:35
240822-ryadmasckd 9Analysis
-
max time kernel
366s -
max time network
1804s -
platform
macos-10.15_amd64 -
resource
macos-20240711.1-en -
resource tags
arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system -
submitted
22-08-2024 14:53
Static task
static1
Behavioral task
behavioral1
Sample
capcut_capcutpc_invitefission_1.2.4_installer (1).exe
Resource
macos-20240711.1-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/BgWorker.dll
Resource
macos-20240711.1-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
macos-20240711.1-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/deviceregister_shared.dll
Resource
macos-20240711.1-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/downloader_nsis_plugin.dll
Resource
macos-20240711.1-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/shell_downloader.dll
Resource
macos-20240711.1-en
General
-
Target
$PLUGINSDIR/BgWorker.dll
-
Size
2KB
-
MD5
33ec04738007e665059cf40bc0f0c22b
-
SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc
-
SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be
-
SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef
Malware Config
Signatures
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/\$PLUGINSDIR/BgWorker.dll\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/\$PLUGINSDIR/BgWorker.dll\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run//BgWorker.dll1⤵
-
/bin/zsh/bin/zsh -c /Users/run//BgWorker.dll2⤵
-
/Users/run//BgWorker.dll/Users/run//BgWorker.dll2⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.spindump1⤵
-
/usr/sbin/spindump/usr/sbin/spindump1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.diagnosticd1⤵
-
/usr/libexec/diagnosticd/usr/libexec/diagnosticd1⤵