1a241e5fdd24b966d0715b9fff900fc73448f6ff2f0188503679f9337953c087 | Triage

Submit
Reports

Overview

overview

4

Static

static

1

iFlyDown_Mac.dmg

macos-10.15-amd64

4

.ds_store

macos-10.15-amd64

1

.VolumeIcon.icns

macos-10.15-amd64

4

.VolumeIco...erinfo

macos-10.15-amd64

1

Analysis

max time kernel
79s
max time network
72s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
13/10/2024, 12:40

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

iFlyDown_Mac.dmg

Resource

macos-20240711.1-en

macos-10.15-amd64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

.ds_store

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

.VolumeIcon.icns

Resource

macos-20240711.1-en

macos-10.15-amd64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

.VolumeIcon.icns:com.apple.finderinfo

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

.ds_store
Size

16KB
MD5

824244f18d1e4cefb995d98a2d257765
SHA1

75d77c08331cec0322411090c2933985617e0368
SHA256

842fc746a26e026f29060315df4ca28103cead4858905253bd0bdf2a64719bb9
SHA512

8ecb8ee20850f7283cef2ba3d7fb7bb635393f2c75abc783ce6edd75c6f84339bd2e1fbe4bf5ee3aa53bfa9accb4f1c174737a72bda4cb52b23af549c49c2907
SSDEEP

48:Drujp+2sIdCVQ7zjAubmEv8IhdbCnXnL:DyVRsId0gh6EDDbwn

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/.ds_store\""
1⤵
PID:487

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/.ds_store\""
1⤵
PID:487

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/.ds_store
1⤵
PID:487
- /bin/zsh
  /bin/zsh -c /Users/run/.ds_store
  2⤵
  PID:489
- /Users/run/.ds_store
  /Users/run/.ds_store
  2⤵
  PID:489

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:531

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:531

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:532

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:533

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy