Overview

overview

6

Static

static

1

GrandTotal_8.4.1.dmg

macos-10.15-amd64

6

Analysis

  • max time kernel
    149s
  • max time network
    139s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240711.1-en
  • resource tags

    arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    01-09-2024 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GrandTotal_8.4.1.dmg

  • Size

    39.2MB

  • MD5

    853b2646bb3830bfb09942faf745d387

  • SHA1

    7d494206b91cfa34f0164ade1757e7ef40f3a1ec

  • SHA256

    2bd23938b524e1f4bed7486ed7b1ee7a3ea8951a19d3afe78212d744974ac28b

  • SHA512

    345dfa85663fc29f5694ae4b0f5c52656059090f69ebb78bf24b10ca207bd9236fb17523d6b130c8a8400635b87e9d8f5f4427d4325577d6b0adfa56bfbc4f26

  • SSDEEP

    786432:wtedTt1qYcrhdmw7Jogf8zIhA8UpvdfSzkUDTK2zlsm:medTt4hd9ogfIDfSTXK2u

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"open /Volumes/GrandTotal/GrandTotal.app\""
    1⤵
      PID:519
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"open /Volumes/GrandTotal/GrandTotal.app\""
      1⤵
        PID:519
      • /usr/bin/sudo
        sudo /bin/zsh -c "open /Volumes/GrandTotal/GrandTotal.app"
        1⤵
          PID:519
          • /bin/zsh
            /bin/zsh -c "open /Volumes/GrandTotal/GrandTotal.app"
            2⤵
              PID:520
            • /usr/bin/open
              open /Volumes/GrandTotal/GrandTotal.app
              2⤵
                PID:520
            • /usr/libexec/xpcproxy
              xpcproxy com.mediaatelier.GrandTotal3.2320
              1⤵
                PID:521
              • /Volumes/GrandTotal/GrandTotal.app/Contents/MacOS/GrandTotal
                /Volumes/GrandTotal/GrandTotal.app/Contents/MacOS/GrandTotal
                1⤵
                  PID:521
                • /usr/libexec/xpcproxy
                  xpcproxy com.apple.spindump
                  1⤵
                    PID:531
                  • /usr/sbin/spindump
                    /usr/sbin/spindump
                    1⤵
                      PID:531
                    • /usr/libexec/xpcproxy
                      xpcproxy com.apple.spindump_agent
                      1⤵
                        PID:532
                      • /usr/libexec/spindump_agent
                        /usr/libexec/spindump_agent
                        1⤵
                          PID:532
                        • /usr/bin/ditto
                          /usr/bin/ditto -Vxk --norsrc --noextattr /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/CFNetworkDownload_eyfpGz.tmp /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/FCD20BED-192A-4737-A5BB-D8E19D8F904A
                          1⤵
                            PID:536

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • /Users/run/Library/Caches/io.sentry/727452c86791eb9fc43c012aa237b46698a9c11a/envelopes/1725247982.921859-00000-80D250FB-8B02-4470-AB38-C36ED87A199E.json
                            Filesize

                            358B

                            MD5

                            82fff93bc2817e2747a6162aaff51630

                            SHA1

                            e3594fbf3b864a23bd28c2fef5f7a1c91556bda3

                            SHA256

                            3501ecfe039e8509223213aeec6313e80d08fd005219549ae3c2dbfd3cb04202

                            SHA512

                            28640c65ed438044c12bd9a3647757f6e557c4409b5780338d4e5a4340008c15b59ab7e7b1c145af11b689c486b68503a099f76d3fd98d3a94f8040a14f11587

                            Download Submit

                          • /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
                            Filesize

                            47KB

                            MD5

                            0e4a0d1ceb2af6f0f8d0167ce77be2d3

                            SHA1

                            414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

                            SHA256

                            cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

                            SHA512

                            1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

                            Download Submit

                          • /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
                            Filesize

                            4KB

                            MD5

                            d3a1859e6ec593505cc882e6def48fc8

                            SHA1

                            f8e6728e3e9de477a75706faa95cead9ce13cb32

                            SHA256

                            3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

                            SHA512

                            ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

                            Download Submit

                          • /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/CFNetworkDownload_eyfpGz.tmp
                            Filesize

                            1KB

                            MD5

                            d613d34666e96039e64df0c1738e22f2

                            SHA1

                            0f8e1147b00b5e0cd226007a56c8ec79af2c55d8

                            SHA256

                            e73b6a7115cb0a9594d0829f4d0d7e5a234fae3d84fd1a786c0154b43ab86563

                            SHA512

                            fc47eb1208ae95f96926e4a3a59e417929a2c63727f8552463be9f0e57b8012b1dc3a50824d239dd07b7d9f2eeb8ae9669f3bca5e537084c0178c7fecffd371f

                            Download Submit