Analysis

  • max time kernel
    84s
  • max time network
    123s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240711.1-en
  • resource tags
    arch:amd64, arch:i386, image:macos-20240711.1-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    06/10/2024, 16:03

General

  • Target

    Mamba.apk

  • Size

    3.7MB

  • MD5

    d02b0501f9c6c00b8406569ed26a9d14

  • SHA1

    81803b06d7ea99d13f23b5a71748f76fc1f2fe66

  • SHA256

    935239d2374a38a65119405fd8e028cb1b529ae2b05cd77b2840a8cd23a4e5c4

  • SHA512

    f07d2932b431042ab55e4e22a5ea5ea77c89c20e9171136192aa08f476d450281ca2f2ab7f4d3b67e7c3b698a04228d9437b4684475b0f9d18ab48e174254cec

  • SSDEEP

    49152:B1XEXZU/eRw/OJ12Lf1LJqANer46mznzdGGoQTOfiUOYq00cgAQv25ikTYI+4:BNgZUq2Y12b1BN6mznzBvTE0tAQkN

Score
4/10

Malware Config

Signatures

  • Resource Forking 1 TTPs 2 IoCs

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/Mamba.apk\""
    1⤵
    PID:488
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer
    1⤵
    PID:489
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/Mamba.apk\""
    1⤵
    PID:488
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/Mamba.apk
    1⤵
    PID:488
  • /bin/zsh
    /bin/zsh -c /Users/run/Mamba.apk
    2⤵
    PID:491
  • /Users/run/Mamba.apk
    /Users/run/Mamba.apk
    2⤵
    PID:491
  • /usr/libexec/xpcproxy
    xpcproxy com.oracle.java.Java-Updater
    1⤵
    PID:490
  • /System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
    /System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
    1⤵
    PID:485
  • /System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
    "/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"
    1⤵
    PID:483
  • /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
    /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
    1⤵
    PID:489
  • /usr/libexec/pkreporter
    /usr/libexec/pkreporter
    1⤵
    PID:487
  • /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
    "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
    1⤵
    PID:490
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.sysmond
    1⤵
    PID:515
  • /usr/libexec/sysmond
    /usr/libexec/sysmond
    1⤵
    PID:515
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.audio.AudioComponentRegistrar
    1⤵
    PID:518
  • /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
    /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
    1⤵
    PID:518
  • /bin/launchctl
    /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
    1⤵
    PID:525
  • /bin/launchctl
    /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
    1⤵
    PID:526
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
    1⤵
    PID:530
  • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
    /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
    1⤵
    PID:530

Network

MITRE ATT&CK Enterprise v15
