Overview

overview

6

Static

static

3

Somiibo-Setup.exe

windows7-x64

6

Somiibo-Setup.exe

windows10-2004-x64

6

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

resources/...dex.js

windows7-x64

3

resources/...dex.js

windows10-2004-x64

3

resources/...in.dll

windows7-x64

1

resources/...in.dll

windows10-2004-x64

1

resources/...nux.js

windows7-x64

3

resources/...nux.js

windows10-2004-x64

3

resources/...cos.js

windows7-x64

3

resources/...cos.js

windows10-2004-x64

3

resources/...ing.js

windows7-x64

3

resources/...ing.js

windows10-2004-x64

3

resources/...ows.js

windows7-x64

3

resources/...ows.js

windows10-2004-x64

3

resources/...n/main

macos-10.15-amd64

4

resources/elevate.exe

windows7-x64

3

resources/elevate.exe

windows10-2004-x64

3

swiftshade...GL.dll

windows7-x64

3

swiftshade...GL.dll

windows10-2004-x64

3

swiftshade...v2.dll

windows7-x64

3

swiftshade...v2.dll

windows10-2004-x64

3

vk_swiftshader.dll

windows7-x64

3

vk_swiftshader.dll

windows10-2004-x64

3

vulkan-1.dll

windows7-x64

3

Analysis

  • max time kernel
    92s
  • max time network
    150s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240711.1-en
  • resource tags

    arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    26/08/2024, 02:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resources/app.asar.unpacked/node_modules/active-win/main

  • Size

    222KB

  • MD5

    92f28c367b320fab501f48cc38dd5ffa

  • SHA1

    aace496496cc9c169d39f62a57708f07631c11e4

  • SHA256

    0ecc5a41402bfc08282120f452a33efc91fc3622a85d911222bfb35cced05099

  • SHA512

    9263f135523670865c89894614a5cd87c75fb03b2bcc24a4847efaaec3240c163f5e92f7eeeed34d3bd20b563369903a84806a5469acf574aac5e7a0ffc2cedc

  • SSDEEP

    3072:myWgx8dU/ykTzvlwzTgY4JjfrmYTp0yvrgUDWIv:myWi8qakTzvSfgY4JfaYXDgU6k

Score
4/10
evasion

Malware Config

Signatures

  • Resource Forking 1 TTPs 4 IoCs

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

    evasion

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/resources/app.asar.unpacked/node_modules/active-win/main\""
    1⤵
      PID:512
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/resources/app.asar.unpacked/node_modules/active-win/main\""
      1⤵
        PID:512
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/resources/app.asar.unpacked/node_modules/active-win/main
        1⤵
          PID:512
          • /bin/zsh
            /bin/zsh -c /Users/run/resources/app.asar.unpacked/node_modules/active-win/main
            2⤵
              PID:513
            • /Users/run/resources/app.asar.unpacked/node_modules/active-win/main
              /Users/run/resources/app.asar.unpacked/node_modules/active-win/main
              2⤵
                PID:513

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads