General

  • Target

    GPG_Suite-2023.3.dmg

  • Size

    46.4MB

  • Sample

    241014-awx88stfla

  • MD5

    064c96145dd293086166508e3ee670e8

  • SHA1

    eb37bba499e6ec01a2f2489f68880e9d96a61e59

  • SHA256

    57468a4adc55d954ead4fe1f88b07eac1b70ada40fcbc810765fd521ef21eef1

  • SHA512

    56c47677988d38fa2ab729256add85f78c679c3211e3d7ce44ef7c95d6d608cb4792c318c20aeb26729602f5e601382be810310df13f87db1f00dbfc04783fc3

  • SSDEEP

    786432:HIXfAkegoOdewFn5vaK2y7wiEouiQPnSrKv7GBL9kODls62eoxIGxjdy60CxKF:oXY9gZrMwwiXuiEnZ+ewls6vGx8t0K

Malware Config

Targets

    • Target

      GPG_Suite-2023.3.dmg

    • Size

      46.4MB

    • MD5

      064c96145dd293086166508e3ee670e8

    • SHA1

      eb37bba499e6ec01a2f2489f68880e9d96a61e59

    • SHA256

      57468a4adc55d954ead4fe1f88b07eac1b70ada40fcbc810765fd521ef21eef1

    • SHA512

      56c47677988d38fa2ab729256add85f78c679c3211e3d7ce44ef7c95d6d608cb4792c318c20aeb26729602f5e601382be810310df13f87db1f00dbfc04783fc3

    • SSDEEP

      786432:HIXfAkegoOdewFn5vaK2y7wiEouiQPnSrKv7GBL9kODls62eoxIGxjdy60CxKF:oXY9gZrMwwiXuiEnZ+ewls6vGx8t0K

    • Path Permission

      Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.

    • Installer Packages

      Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Installer packages are OS-specific and contain the resources an operating system needs to install applications on a system.

    • Queries the macOS version information.

      An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

    • File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces that indicate what was done within a network and how. Removal of these files can occur.

    • Launch Agent

      Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.

    • Target

      GPG Suite/Install.pkg

    • Size

      46.9MB

    • MD5

      ca7b64b17166ff9980ead4bcb7a0f7e9

    • SHA1

      9e7c1a795aadd74c3d554b2d65d5eeb2e77ec62e

    • SHA256

      ab1ea62077b62033c4d73c1940f619f890df68ddc4cebea3032b6e841ddc2fea

    • SHA512

      845e78352dcb7333d8dc6e650549cca60dd5a9efcb9ac611c70c09dd08265eea0a3240c8ebdd80516fc6786f94deabbd6591fae06846ef32e47c63c81aeb1c1a

    • SSDEEP

      786432:IYcxmQ1dc7ofvbY6IrIHd4IxlDd6E61VLPPaW5sjQxCFDAB/czTVYrEQxe/l/q4o:mHqofvkxrI94I/DYE6vXaW5wQxCVAB/x

    • Path Permission

      Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.

    • Installer Packages

      Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Installer packages are OS-specific and contain the resources an operating system needs to install applications on a system.

    • Queries the macOS version information.

      An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

    • File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces that indicate what was done within a network and how. Removal of these files can occur.

    • Launch Agent

      Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.

    • Target

      GPG Suite/Uninstall.app/Contents/MacOS/Uninstall

    • Size

      181KB

    • MD5

      cf61a83fc3d971420a2a93f9b708dc1f

    • SHA1

      582a94400c8b8fd0472b08083b724a5efa4ecb5b

    • SHA256

      2cc5b61fe0e6abe838cce89899cf2895a508f6d3ac2eeba2570d1978a3e3a328

    • SHA512

      7f74733dd61e2b46c07a1aa27038a467cc46fa861466390aebc4933759a94f2b8656653f81d258ed649a19a921741f47f0292ccfbd7c13d401ab9c09341712d6

    • SSDEEP

      768:fq0jYE4iDBNliTrDNQITIrTcIJI3plsO/CnCX28ovP/iab8Ep0UFG8Kfab8u:R9wrDHplsY2eK9GDfK

    • Score

      1/10

    • Target

      GPG Suite/Uninstall.app/Contents/Resources/GPG Suite Uninstaller.app/Contents/MacOS/GPG Suite Uninstaller

    • Size

      185KB

    • MD5

      b6443038e37c46366c9f6f30ebeb11f0

    • SHA1

      e9018b18b7b484463a9399ce2ea0c0f904c66a08

    • SHA256

      e05ae64e809922ec1b5efe3d02b9cbc440c3d002f55685759418a7a38d2bca62

    • SHA512

      bbb14c103ae8ae3caf58d9fc05cd4f3dfe2c6205a216b9a5b2cd6925774f9b6dcfb124d5fd42f334bb4ca9224bc1abaf647e4efd3fedc3d355ca501559609dd2

    • SSDEEP

      768:fxSinSa51OtD9H85qV68jrxwX7XcoOk7qIsI5IeIHNZCLCz8Tiab8PTYpNV2AzsD:tJOtxNiX7soL2NjNKPNVN1OeKhIK

    • Score

      4/10

MITRE ATT&CK Enterprise v15

Tasks