6182dd73f2aee1b1b41fab6d060615a8227a0f3cf754f936c756484dc51771f8

Analysis

max time kernel
88s
max time network
147s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
29/08/2024, 04:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bookpractCombo.pdf
Size

23.7MB
MD5

93aa9b08a15bdcbce53e6f8aee5f5242
SHA1

9308dbe19e7c5de4ead9de54532d1d785cd78109
SHA256

6182dd73f2aee1b1b41fab6d060615a8227a0f3cf754f936c756484dc51771f8
SHA512

c42fa45a6814f4bb53bf49b8d5a655eead7aaaaf5f3aab32175ba9bb6061b98ae314c880e50f09fb50e9282898c9e9f3126be71c76bfa03e5f9cb444f94ccd2c
SSDEEP

393216:tJdYuu4kDBzX+HJU/E1+LeTbbslzSA4RJ3+7rRSxhSe7Yymdp1LczM:t0uu4kDBzOEyYlzsfCRopaj2zM

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 2 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer	Process not Found
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/bookpractCombo.pdf\""
1⤵
PID:476

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/bookpractCombo.pdf\""
1⤵
PID:476

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/bookpractCombo.pdf
1⤵
PID:476
- /bin/zsh
  /bin/zsh -c /Users/run/bookpractCombo.pdf
  2⤵
  PID:478
- /Users/run/bookpractCombo.pdf
  /Users/run/bookpractCombo.pdf
  2⤵
  PID:478
- /bin/sh
  sh /Users/run/bookpractCombo.pdf
  2⤵
  PID:478
- /bin/bash
  sh /Users/run/bookpractCombo.pdf
  2⤵
  PID:478

/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
1⤵
PID:460

/usr/libexec/pkreporter
/usr/libexec/pkreporter
1⤵
PID:464

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
1⤵
PID:467

/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"
1⤵
PID:473

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
1⤵
PID:469

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/var/tmp//sh-thd-2876272705

Filesize
4B

MD5
88f41039b16485efe85f1ec355f8e840

SHA1
ddbbccb7b1c22371500c0650fbef97e851e13603

SHA256
ccf011922c70b18a47f39a822d622d0f60ba39f1f6aa974b15396d6230e467a6

SHA512
440538550148ae5b6bfb808ff558dce133a66b2bf29d83a10e2f494d204d5ba393053bfa178bd7e33c4369ced40f134253fb46abb6c82202165cf8c6ae6eca5b

Download Submit