Analysis
-
max time kernel
124s -
max time network
151s -
platform
macos-10.15_amd64 -
resource
macos-20240711.1-en -
resource tags
-
submitted
29-09-2024 15:07
General
-
Target
2024092957d29110ef89127a3ea71d153b14b72fadloadevilquestrekoobe
-
Size
177KB
-
MD5
57d29110ef89127a3ea71d153b14b72f
-
SHA1
905ac95d9dcb526136fb43bf61170b7f4fd19266
-
SHA256
d57abb0dcb9cf1a2a5a92303f8644a28681bff6a86b3e5d1ebc17dc66655ba69
-
SHA512
0c598ba0f23f7646d867e473a7f119ddc71eebe10ef154e7243c5c9224946b79b2b95b9f67f917721ca6565454dd51c76759823b077ea8a0962224665a7251fc
-
SSDEEP
3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9N0k:5SeOQdaZNxtk8cqhSxvHY9r
Malware Config
Signatures
-
EvilQuest
EvilQuest family.
-
EvilQuest payload 6 IoCs
-
Launch Agent 1 TTPs
Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
-
Launch Daemon 1 TTPs
Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
-
AppleScript 1 TTPs 38 IoCs
AppleScript is a macOS scripting language designed to control applications and parts of the OS via inter-application messages called AppleEvents.
-
Resource Forking 1 TTPs 2 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
-
Launchctl 1 TTPs 64 IoCs
Adversaries may abuse launchctl to execute commands or programs. Launchctl supports taking subcommands on the command-line, interactively, or even redirected from standard input.
Processes
-
/usr/bin/xar/usr/bin/xar -c -f dslocal-backup.xar dslocal1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.gkreport1⤵
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/2024092957d29110ef89127a3ea71d153b14b72fadloadevilquestrekoobe\""1⤵
-
/usr/libexec/gkreport/usr/libexec/gkreport1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.systemstats.daily1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/2024092957d29110ef89127a3ea71d153b14b72fadloadevilquestrekoobe\""1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.loginwindow.LWWeeklyMessageTracer1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/2024092957d29110ef89127a3ea71d153b14b72fadloadevilquestrekoobe1⤵
-
/bin/zsh/bin/zsh -c /Users/run/2024092957d29110ef89127a3ea71d153b14b72fadloadevilquestrekoobe2⤵
-
-
/Users/run/2024092957d29110ef89127a3ea71d153b14b72fadloadevilquestrekoobe/Users/run/2024092957d29110ef89127a3ea71d153b14b72fadloadevilquestrekoobe2⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.newsyslog1⤵
-
/usr/libexec/xpcproxyxpcproxy com.oracle.java.Java-Updater1⤵
-
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd1⤵
-
/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"1⤵
-
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer1⤵
-
/usr/libexec/pkreporter/usr/libexec/pkreporter1⤵
-
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck1⤵
-
/usr/sbin/newsyslog/usr/sbin/newsyslog1⤵
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.security.authtrampoline1⤵
-
/System/Library/Frameworks/Security.framework/authtrampoline/System/Library/Frameworks/Security.framework/authtrampoline1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵
-
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.sysmond1⤵
-
/usr/libexec/sysmond/usr/libexec/sysmond1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.AudioComponentRegistrar1⤵
-
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportCrash.Root1⤵
-
/System/Library/CoreServices/ReportCrash/System/Library/CoreServices/ReportCrash daemon1⤵
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵
-
/bin/launchctl/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon1⤵
-
/bin/launchctl/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon1⤵
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E1⤵
-
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService1⤵
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/bash/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵
-
/bin/launchctllaunchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
156B
MD5ee40741981922a61a97fd63801a67902
SHA136d87a973bf3570b3bd8f747880fc512723b56d3
SHA2562534c5bd95db58b691fd9a3d8328de3f3b450439082cb6916316488daf3b8b94
SHA5125e13a587429a71ff69a63e47b0820e9f1d68ecc208e5e435a09ba42257c417c5389430adc48ae653d68366457f4c65cb292a3ab955aae300222fbd2ed44a3950
-
Filesize
156B
MD528619ab47f61cdbb0b230b79e9bfc496
SHA10d3b66a8714540fd7734797ef6e049ab7f2ff786
SHA256fdf8a66c27588ff63660d4110081d74877efb7fde5616527fd8a201030b2deca
SHA5124516b52cae0e5376a4eed7d5eececfe99a24d474de90297a48e71b370cba170297ce4ddcca4c325bcf14307ea4e46d4193703b1fda63354b576961c71f654bf0
-
Filesize
156B
MD5fdcc6f8b1e57a98b2f80d037e7c8210c
SHA10b13e2c015f446b6831306efc70327a57be3dff8
SHA25653169c83fee9d713684a21b84b5e7b1ac66ae02c6845aa59168184f9ca137479
SHA512c0f403bdff64d5e7a2586a6511f874086c7fe5ae6ac337f12e8965bd45a1c511e4f04b503eded9b27495a6604989099a8a8d94c857481f6e4941591883748877
-
Filesize
156B
MD5f1dab287cb31b21de9cceb06fc4f2d83
SHA15985166a1c0c5bc65afafdcbbd6eb8b9b14f1cb5
SHA256959927cabe702efbfad6979bc09af30ef4f18b7aeeb15de041b43cbf97309537
SHA512e290457050c02e3f60abcc8db92df2e580404c380d244903593b8a1870873ee31e57300f741656376b0fa7bd9f84f5e6a006ce61c8ea50161ead77b3ee14b642
-
Filesize
143B
MD522adf878f2a97e6e60c1cc2b82a87032
SHA1ecca21e3c351721c84b0be3d666d23e8d7cb51d8
SHA2567d9e80f3a5b06f6dbb8c7311532d4e49ff913a2223de1ed446fa32389ef47664
SHA512c4bbd9267e098b4fd7c9cd3e2369350edca581ea5f6946d46c02b30958be63d2a881fc6f49aa79a4868a95f3f2ec0ec2e2c6831eabd1d6a8b97c511cb501fc81
-
Filesize
143B
MD5ed229902e666354a355f494414dfefa3
SHA1a4b7aa67f3ffeca867e6b7ab28f197a57484e2a4
SHA2560cc5b03f0a91c91c85cf5932939c418aa3d81a5af716ed8b28ab3b45bac7c0c4
SHA512a75eae2669fd9de7bfd5f4cabbb60aa41d93d59fe310da862a4c6eb3091fe8cefdb46bdd7e31a293a61a7b8390b10a48146baf066ba181db75474b15352d32b6
-
Filesize
143B
MD5e4ffb95834544e74cdbeb20bbd655cd0
SHA148ecdba787bcbcfec81a39d201ae4622ef5b88e8
SHA256871ff0234e0fc9b941b7745bd959db8b365d83b56f363304d378831b6ac26d7a
SHA512ec0dffa23360c273b8106cb2cc44ef2a432e99c704c9044006966ef19d766d7a1b7df4782103953386ef53d1df5b56b255be49a377469b978ad48e9b07e7d10b
-
Filesize
143B
MD53772d918ff8d9eb715272f4c9602a31b
SHA1995c83371128312e24d0e51f9e494b2afb267d87
SHA256c7b9f0f61b74f95a4e9b51c24e93f3a44716e28235e88e848cecdb6395d1ea17
SHA5125793fc20e5bfb7544618f63d6d7f3bc1011822c943bf4154c39c5871e15a8549504ae5c7740d92baff04b1c7184de6d68b449c6b8126589d2ad9895d366c0540
-
Filesize
168KB
MD5492db88e8f8122cfb4ddb6af079756c6
SHA180a41885f7abae4e5f5f8915c655dbfc33008a33
SHA25649efd4ea98798ae96fd7b16f86382f40ffc4495ca1a7411d49d93f1847a8cc2a
SHA512117f2ac84dca7d1f134a5b2c42e33324ae9a5cc97b22773821c5092927be95873057e07f58d825ec9cd6ccc2612e394a7f89f632f95798df0d773599de0b6d42
-
Filesize
168KB
MD5c7603829197fca6839b24d57b3b25e4d
SHA1497a20f4f1686d94712787aacf590c69d9c7b778
SHA256d48fde996c7e7244825313c0767cd2a16df1ddfb567903faf3b39476e526fabd
SHA5128bf8ed81c76cbd2275a7da9dd19d95fef821893a298b26a26cebe972186772ecec2e88ba1aa7b19ad752ac743c0550927c4affdec0e379565bd9184fa349a772
-
Filesize
168KB
MD5bc21f398fbfa87fc4d645df0b4b2cae8
SHA106a0c5553d65a62a1f898042cf1841e174126cfe
SHA25666a205ab6398671d1fcb6feae1bb1840e741ee4c7380eccd2da53c3b38a9d180
SHA51201b49278408207437fe0a38bf4050cc1a2b29f9b0216a597fe652c9aafbe567cbf54b241dc96ebf564787e6e6744c57e820de4b472366d6bfd06501f4196f612
-
Filesize
168KB
MD5f957324f094e4868eb409e816d18dfd1
SHA1ca91ab2cd0a7a1d56bca6fba989e128f31d7abb1
SHA256446ab4fe3a6062c0a0fbf0432efde97813fa6fcda18ca3ed978cafde5db8218b
SHA5125392aee45367c3daefb31c0fd0a1e576885a5e31eab59e4b04dfd4fec0389d0b046d6a19fee7d86b507d79b4659059cd0d65b78dc4e9ccc0a8d1ff71861295c7
-
Filesize
168KB
MD57a0f620b32cbeb1b6d374c759e98fb8f
SHA1646023e8bff3f0ab4cbce763090a725723b8e414
SHA256667362571221949c7dfe8f0888815683dd2d3be4ea6f5b3d2531546b9ff7f08a
SHA5124ac117114c99d06fcf4e4d1064ed9fcc6628beb4f0d7ff8eaba88678119534389e3459375971d46b84795637c4fdb990a75fc8bcf13cb767a17ef6cb5980d197
-
Filesize
429B
MD5b29145cf94cd1ef0d81552c333c3603a
SHA14095a7b7b982b8875a6256919b7d80c50b0a2799
SHA2562cac13ffabc18f7010fffce9f31aaacc06e0c5ae898c3faa79d747567ce1e2fc
SHA512fd0ccb56cb0c5084950ad4d04363ae9919a0bfa76c45554df8a7fe0eb0f8a7ed2525af3b4f64982eedac0f9aaec28b7985b4ce5ec80434fc3cf426cb96b1def0
-
Filesize
168KB
MD596402773af9f02c36c8a4fae8e0f31a1
SHA17232b14cb60be8b1755fd482344fa66cd722c056
SHA256398e77d99461b3be0f9c0c8731a5c52cd6125a6e4a68830d7118d40c6f4f0dc9
SHA512716106de87cc52a567cd469dd5632057d29d5144ce9059f8a6e115c8b9edf44a4ee55b5fb934165d282692e907348689a28af26500c70c1cb2b97ff3222ed1b9