Overview

overview

4

Static

static

3

MiniMeters....8.pkg

macos-10.15-amd64

4

Analysis

  • max time kernel
    15s
  • max time network
    26s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240711.1-en
  • resource tags

    arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    21/09/2024, 05:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    MiniMeters v0.8.8 WiN MAC LiNUX/MiniMeters-macOS-v0.8.8.pkg

  • Size

    24.0MB

  • MD5

    8689e062d1fa7fce8c5d1a9fb7131e7a

  • SHA1

    1fcd0c5c4a3884f1cba1177df145e3935a1d8379

  • SHA256

    d3b93f86db053e309c8b0ecb81f831ef6fa9340431c285aa4dba8d1c1f0ebb06

  • SHA512

    3889c687b5cf845847ca015ff65d12a9867ac3edc233694eb484b5ed4f7a0212fb2d479cf70ec83d85ff9faf68fc09a97fd7077a3000e07e4cab4276c5751e97

  • SSDEEP

    786432:i/hfjsYO5tvt/tdhdIGVH9CG7AOWPUyHuB1pJEfv3Vu:i/hbsFtlvdIsdaOWPUBsnVu

Score
4/10
evasion

Malware Config

Signatures

  • Resource Forking 1 TTPs 5 IoCs

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

    evasion

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"installer -pkg /Users/run/setup.pkg -target /\""
    1⤵
      PID:516
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"installer -pkg /Users/run/setup.pkg -target /\""
      1⤵
        PID:516
      • /usr/bin/sudo
        sudo /bin/zsh -c "installer -pkg /Users/run/setup.pkg -target /"
        1⤵
          PID:516
          • /bin/zsh
            /bin/zsh -c "installer -pkg /Users/run/setup.pkg -target /"
            2⤵
              PID:517
            • /usr/sbin/installer
              installer -pkg /Users/run/setup.pkg -target /
              2⤵
                PID:517
            • /usr/libexec/xpcproxy
              xpcproxy com.apple.installd
              1⤵
                PID:518
              • /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
                /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
                1⤵
                  PID:518
                • /System/Library/PrivateFrameworks/PackageKit.framework/Resources/efw_cache_update
                  /System/Library/PrivateFrameworks/PackageKit.framework/Resources/efw_cache_update /Library/InstallerSandboxes/.PKInstallSandboxManager/18631326-7233-4E52-AFE6-A090D31533CC.activeSandbox/Root/Applications/MiniMeters.app
                  1⤵
                    PID:519
                  • /System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor
                    /System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor -t /private/var/run/installd.commit.pid
                    1⤵
                      PID:520
                    • /System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove
                      /System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove -f -s /Library/InstallerSandboxes/.PKInstallSandboxManager/18631326-7233-4E52-AFE6-A090D31533CC.activeSandbox/Root /
                      1⤵
                        PID:522
                      • /System/Library/PrivateFrameworks/PackageKit.framework/Resources/efw_cache_update
                        /System/Library/PrivateFrameworks/PackageKit.framework/Resources/efw_cache_update -c
                        1⤵
                          PID:523

                        Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • /Library/InstallerSandboxes/.PKInstallSandboxManager/18631326-7233-4E52-AFE6-A090D31533CC.activeSandbox/Boms/com.josephlyncheski.minimeters-au.pkg.bom
                                Filesize

                                36KB

                                MD5

                                22cf22814f4e4816afb1bfa004a37e16

                                SHA1

                                926deb2896eb70b6abf0cf23e72c37a90ef78170

                                SHA256

                                a21200552b8167bafecffbe047dc004e133740f281cca0f7acef5ce0a24d3fad

                                SHA512

                                a1246bacb1af062807c92a3186eec0e4b342f2fb7d241218204e65e6b35a7a085cbc90e2ffe83a9ba00106eaa4542f7b9602028b8d6ddc48e7434acaf092ce85

                                Download Submit

                              • /Library/InstallerSandboxes/.PKInstallSandboxManager/18631326-7233-4E52-AFE6-A090D31533CC.activeSandbox/Boms/com.josephlyncheski.minimeters-clap.pkg.bom
                                Filesize

                                35KB

                                MD5

                                b27e0e2b23ec8fb3a4f709eb225c206d

                                SHA1

                                95dbba9ec7fc8cb8aa61cc990b13ca13a964c2e4

                                SHA256

                                099146f4b47b2f648b292f863b29e52998631696430804d604a9d4b77778d764

                                SHA512

                                12b1c551be9007620a5dc29005abe001c64ebfa90493913bd811e07a5c966744174fce90d56bf71e19250169a809485603668bee376b9925ba493ba4fd9c4236

                                Download Submit

                              • /Library/InstallerSandboxes/.PKInstallSandboxManager/18631326-7233-4E52-AFE6-A090D31533CC.activeSandbox/Boms/com.josephlyncheski.minimeters-vst3.pkg.bom
                                Filesize

                                35KB

                                MD5

                                a707d7c59d140c1ffc6db0bd098d86c2

                                SHA1

                                bb6df01d71a179f069734dc1cc2e2b9b32a96739

                                SHA256

                                84bb049c0fa030f42b536bd6607bf607913791ca3f9d3af886436de73fd8bcc9

                                SHA512

                                6962bbf500457f8f03a009f6a5d5e521a77fb085d3cc6f3d6c920e765706e818480d17c1a1d4595c9d4d2a82fce14d231929a21cd3b7d1773fb5dae4018ee37f

                                Download Submit

                              • /Library/InstallerSandboxes/.PKInstallSandboxManager/18631326-7233-4E52-AFE6-A090D31533CC.activeSandbox/Boms/com.josephlyncheski.minimeters.pkg.bom
                                Filesize

                                36KB

                                MD5

                                8fa2ac4bdad6214c913ea42b237f8eb2

                                SHA1

                                5025cd2bf1124ee6468900e1fed1759f548e8f42

                                SHA256

                                7fdc8cc66adc626a06653cd53996e4f34898121f92db1d9ee4a94a64f31dc7f5

                                SHA512

                                d7e454dbb3af7d542071477f265787d968381f8cec56c2f0e41eda5fab8efb07854f09d6f642dbe37c6bd4458c21b3b0d632084106cdf041d6f5e942581c6a70

                                Download Submit

                              • /Library/InstallerSandboxes/.PKInstallSandboxManager/18631326-7233-4E52-AFE6-A090D31533CC.activeSandbox/Root/Applications/MiniMeters.app/Contents/Info.plist
                                Filesize

                                1KB

                                MD5

                                8d27e57a4613763e159c26c513875aa8

                                SHA1

                                9721fdff5b8f400a5cf0b69631eb3a3d1471bd32

                                SHA256

                                9d0ba65c2ff95a015ef192d1f4d72f58f1e8c8ae9447cb30b12a3760f46596ea

                                SHA512

                                c14d0e06404e2b9b2fc98aa121d3f22eba37e84f9fd1d7e4578bf4869dd7b2f8e46366580d1839d5309f575ff7f150366a137f262e50bdeea88ca8e062c0fb2b

                                Download Submit

                              • /private/var/run/installd.commit.pid
                                Filesize

                                3B

                                MD5

                                ebd9629fc3ae5e9f6611e2ee05a31cef

                                SHA1

                                0486ffb0d9c84cf1c38a7024c5284f0a2c411070

                                SHA256

                                8952115444bab6de66aab97501f75fee64be3448203a91b47818e5e8943e0dfb

                                SHA512

                                14c34e7007372d6c6e05daec4706ed8d4df3ffe0dec73410bb9232d77777890b800bcd826317e98a52c17c7e5dfcb4450caaac4d0a7bebc582eb3366381e391b

                                Download Submit