db5d7f84baf1b1e37383273814398ada75b8d1b0b1b4ec9227776f090cbc5870

Analysis

max time kernel
118s
max time network
156s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
21/09/2024, 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Paste 4.4.0 [MacKed]/Paste.app/Contents/MacOS/macked.app.dylib
Size

2.8MB
MD5

12492c892bad82137dccb08ca271c1e6
SHA1

138b821bf32b75ee3e39ceda66529829f179bb4f
SHA256

3f00d664a9466f8acb2144b693ef36a4d602341f52cfec76fe2c298842fe9b18
SHA512

27952ad46b175349ee97bc5c6b5a7725099de9930e2256a7441f176f4ff70f00946370dc126646db7e021d4e1fe6ddaf5415b2975b513632ed3152d106c32b77
SSDEEP

49152:pRRcOFTsrwhoKb+R98wDd2DOzNjCJgjihy91SLO7ek7K2vBZZkBqu5:HCIqKb+R9/9b711ZkBqe

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 1 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Paste 4.4.0 [MacKed]/Paste.app/Contents/MacOS/macked.app.dylib\""
1⤵
PID:510

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Paste 4.4.0 [MacKed]/Paste.app/Contents/MacOS/macked.app.dylib\""
1⤵
PID:510

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/Paste 4.4.0 [MacKed]/Paste.app/Contents/MacOS/macked.app.dylib"
1⤵
PID:510
- /bin/zsh
  /bin/zsh -c "/Users/run/Paste 4.4.0 [MacKed]/Paste.app/Contents/MacOS/macked.app.dylib"
  2⤵
  PID:511

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:513

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:513

/usr/bin/bzip2
/usr/bin/bzip2 -f /var/log/wifi.log.0
1⤵
PID:522

/usr/libexec/xpcproxy
xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer
1⤵
PID:534

/usr/libexec/xpcproxy
xpcproxy com.apple.systemstats.daily
1⤵
PID:535

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
1⤵
PID:534

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...