e4a3b0ce536c0996082311077ac65a096d9e6bbf404c6e6a155ecefb32e864c5

Analysis

max time kernel
2692s
max time network
2702s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
05/09/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gs-auto-clicker-4-0.exe
Size

850KB
MD5

e42d679a626463742b553794dea6f62b
SHA1

789c25a360342fd431dccbf01b831c36aa229317
SHA256

e4a3b0ce536c0996082311077ac65a096d9e6bbf404c6e6a155ecefb32e864c5
SHA512

9ff1ea63334ab8dc3b81edfd572c0e1a7483ac6912255c839aafbba88e0aa19334c2810966384f7998af697dcb9e4ee502cec276a11108c2f0f9510e2aa67279
SSDEEP

12288:0aWzgMg7v3qnCi0ErQohh0F42CJ8lnypQDaGEohvRyPJ1+Fxe:raHMv6CorjSnypQDaG9u1We

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 1 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/gs-auto-clicker-4-0.exe\""
1⤵
PID:484

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/gs-auto-clicker-4-0.exe\""
1⤵
PID:484

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/gs-auto-clicker-4-0.exe
1⤵
PID:484
- /bin/zsh
  /bin/zsh -c /Users/run/gs-auto-clicker-4-0.exe
  2⤵
  PID:486
- /Users/run/gs-auto-clicker-4-0.exe
  /Users/run/gs-auto-clicker-4-0.exe
  2⤵
  PID:486

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:512

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:512

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:513

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:513

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.357C1726-7EFE-4AF7-B5BD-8D489CF3631A 512
1⤵
PID:514

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:514

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:519

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:519

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.87841E89-FFF3-4728-B3CC-BA68C20ED2BB 512
1⤵
PID:520

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:520

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SearchHelper 512
1⤵
PID:522

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
1⤵
PID:522

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:523

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:523

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.78DED99A-D1A6-47AE-BA41-6E99904FCCE8 512
1⤵
PID:524

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:524

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.2ACC7750-3865-42AC-A773-90606A61F042 512
1⤵
PID:525

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:525

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.4A21C3EC-1392-4BB8-9FD4-5DD2A0B762D5 512
1⤵
PID:527

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.28787BEC-2906-4263-B15F-541BE097FCE4 512
1⤵
PID:529

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:527

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:529

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:536

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:537

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:541

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:541

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:557

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
1⤵
PID:557

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.SandboxHelper 527
1⤵
PID:558

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1⤵
PID:558

/usr/libexec/xpcproxy
xpcproxy com.apple.speech.speechsynthesisd
1⤵
PID:559

/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
1⤵
PID:559

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.375DE71E-627C-4B6D-B95D-BAF85B9199EC 512
1⤵
PID:561

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:561

/usr/libexec/xpcproxy
xpcproxy com.apple.accessibility.mediaaccessibilityd
1⤵
PID:562

/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
1⤵
PID:562

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 527
1⤵
PID:563

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:563

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:564

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:564

/usr/libexec/xpcproxy
xpcproxy com.apple.contacts.donation-agent
1⤵
PID:568

/System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent
/System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent
1⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.25B9F7BE-612E-4BF5-AF7F-A455D4F12EB4 512
1⤵
PID:587

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:587

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.3AA4B4F2-B7ED-4AFC-8AEA-E03D58299904 512
1⤵
PID:588

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:588

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.7B270A50-62AF-429E-A732-368BC622114B 512
1⤵
PID:589

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:589

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
b4e598ad626965728fcb95740e32ee81

SHA1
e825c5485d52d373ef80605d73ad6a6e987e4b15

SHA256
217381f09c69339cdbd3270513594eb0e36488b87004ecfc43c157d22f0e9dc2

SHA512
cf2697d3c7852f17d27e2e4c3eb19c9a21d13b55f9321174584625d3fc1ee5e8db0669cb057789d6dc6797027f4b0b4d836e46df49b9fd1fda30936d227dcba6

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
116KB

MD5
e0f034d85667cf98f8afb1f84a7ed3b6

SHA1
8716f06ce8c1d6c1a3817ba23238d6f358e2f0f7

SHA256
4754f2c084ccab3e3ff3cae5bb89c4bc4d1700bd76746415d44694850d40d61d

SHA512
1dfe6756f07df0d4bac7c749b4ba3eede430a086adefd6314d94dea843521ec4723500fd1e3595a5a0e1fe7f5f20e2e50756f556e462ded01587efc1432aacaf

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/A0445472B0BE85076AB781940F900094

Filesize
5KB

MD5
1263d4fd818e3ccdb33bd529075de514

SHA1
80f7989737ffd4f5c0167ed3a2123c704eec624a

SHA256
47f7131ce4913e1d49fda4283aed2824907eec694ed07237cc557952cccfbfe0

SHA512
89b0328ab6ab74e1a8cfc966dc416435377431cccd61f18a17f93c8e7c1ddc76b4a8ed95e67395b7f5c6759df3c296c55546bee3361f3bca44d3baf9e1b75d0f

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/EDFFD0B822E0F7F1231FD7C988951357

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

Filesize
215KB

MD5
71be678c82352543bde58049e216d960

SHA1
6c404cb5ce66f8c59a8ec6df4675be79b3332d13

SHA256
317651fb4f4ff2b22a640b88818ba374edd18cf96fe7aaec049c25148fa51a42

SHA512
2ec619ead2ed2b4c09f1c21171a2d98a2dd27a176637ebce69916a240e074f275e347344233bc37cef89a28c9195ca4b5fa2e36ef216481e5aeafb32dafef1b9

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

Filesize
215KB

MD5
432080d275c78a7087fe7eb08b77bfe5

SHA1
3ba413bfd7e854fb23138079c2548ef426ad5382

SHA256
fa81274e3b43351aad79b4a189ad3f9f8c4b45a722d957b8f9796c5c6ee60610

SHA512
f0480c55e1e7e12d304e4c48ad972468536ecaf1203c63745194e1de5514676cdb8e3f3aa9b0027e82155308608e63aad7ed74310b2da99841cfed5bf6b386a3

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

Filesize
16.6MB

MD5
0634a0a60f0aa8730b10eb4e67d3403d

SHA1
3c8c27a82770cd9aa4aa2ee9935afdc16f50cdcf

SHA256
cccc58186cdb99558c82693612aa128d8cb2a1a4cc434c4a354e4e094766ae74

SHA512
876f5d865d9c4cb7d8d7a67afef1ab6e1a08f32c0daf180b2fa1014e2b04c37a49d9dfbfc61eaeaa8d1f44c25e38892b05173b36267ccd1d7a5547815415dc32

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

Filesize
16.6MB

MD5
5650e4d070c9f536c63d87927aefd783

SHA1
4b900d1620b289e9dbd1f5297b106e14b2b04bf5

SHA256
7897979a89f3d116f963ed30221a11c16b0dba4c3a2d68826b9d492a8a1e3e37

SHA512
6d447fcaf0738788f87620d6c5f16ddaa15a2a2c5f1c04d02d6d7a10bfa0d9bb75f404bcf76fd5b69774f4dfefe6c7d27968ab79c10fffe5181d920ee47d8a36

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

Filesize
125KB

MD5
348a3a347a5a0334809f47055f5df46a

SHA1
e66785e2c288f334ef8ae3cdd7a2762724399014

SHA256
db7a76d2e1b4792883d70f2a3de8af8cebb77348e2ca02887185364847e198d4

SHA512
6464ccea6a2c11b8b88357c58dbad17efd37b6453db97626293303780ff0c5a85509b6919861f5422452acfe2a30b77edc18ed739ba18581e189905cac97abfc

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

Filesize
125KB

MD5
a292fcf22076df8a6b57651a7b62f08e

SHA1
dd1c532c29fcc17cef585e4eb469272d30885d7a

SHA256
254afb7b2268a17151e5410a2e055158f121ef676dad1648b3c0fbc1c7678de9

SHA512
05dd12da402d2e5f70d80acc1d1a2e5ad1450c88c47cb578f68318920473910725eafcff3118bcf1f47b4ba725e7c1d112b504f1e508b95fc381d3c07c0d1d33

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit