b20bf08da397830ce1a586f0974c59df3dda4ca1847d265a776ab2f2b4bb159b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

sa-mp-002.png

macos-10.15-amd64

8

Sharing

General

Target

sa-mp-002.png
Size

2.4MB
Sample

240919-x9klmawfmh
MD5

49baf03eca8dd62f49eff7255e66573f
SHA1

6766ed83ff5907138ea35235dc119155ed54d6b7
SHA256

b20bf08da397830ce1a586f0974c59df3dda4ca1847d265a776ab2f2b4bb159b
SHA512

72c9caf8b02c40411cf22505ddf9c60851d710e30b42cd102f9e1ac66d03f0d3e42f682f2edaa74d034e291bc84e6516f6ce7b3cc2c9482928c76a293160dc06
SSDEEP

49152:tFwgmMft/VQjOOm17Uir8BF2YvcaC0aLc7s8IFoA5+llp9en8K+iD6p0VW:ARMft/B17Pr8aY7s4vG6KW

Score

8^/10

discovery evasion macos

Static task

static1

Behavioral task

behavioral1

Sample

sa-mp-002.png

Resource

macos-20240711.1-en

discovery evasion

macos-10.15-amd64

5 signatures

1200 seconds

Malware Config

Targets

- Target
  
  sa-mp-002.png
- Size
  
  2.4MB
- MD5
  
  49baf03eca8dd62f49eff7255e66573f
- SHA1
  
  6766ed83ff5907138ea35235dc119155ed54d6b7
- SHA256
  
  b20bf08da397830ce1a586f0974c59df3dda4ca1847d265a776ab2f2b4bb159b
- SHA512
  
  72c9caf8b02c40411cf22505ddf9c60851d710e30b42cd102f9e1ac66d03f0d3e42f682f2edaa74d034e291bc84e6516f6ce7b3cc2c9482928c76a293160dc06
- SSDEEP
  
  49152:tFwgmMft/VQjOOm17Uir8BF2YvcaC0aLc7s8IFoA5+llp9en8K+iD6p0VW:ARMft/B17Pr8aY7s4vG6KW
Score

8^/10

discovery evasion
- Path Permission
  Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.
  evasion
- Gatekeeper Bypass
  Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as layer of Apples security model to ensure only trusted applications are executed on a host.
  evasion
- File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.
  evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Hide Artifacts

Resource Forking

Indicator Removal

File Deletion

Subvert Trust Controls

Gatekeeper Bypass

Credential Access

Discovery

File and Directory Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

© 2018-2025

Terms | Privacy