Analysis
-
max time kernel
56s -
max time network
50s -
platform
macos-10.15_amd64 -
resource
macos-20240711.1-en -
resource tags
-
submitted
21/10/2024, 08:58
General
-
Target
14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d31
-
Size
8.8MB
-
MD5
06bd47b8ec7e6277dc6c8842d00f7243
-
SHA1
23f3b070aad47f72ddf2d148f455cce2266901fd
-
SHA256
14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d31
-
SHA512
299febd21383786c542d8fa79dc6d04aba61675c82ab889da9987404d2a78fd036ffab8b88712152b1ec57f06db4960e9391b6fc1c5fed447e48effb8aefbd50
-
SSDEEP
49152:m+9o0usEBuQ61RnzrmY+PLXkQF/S/BlFayqYETg2M5Ozv75Eaa9qPESp7bZ1uASW:vhEU+wQF/sP23Eaa9SE0uToBCq
Malware Config
Signatures
-
Resource Forking 1 TTPs 2 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d31\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d31\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d311⤵
-
/bin/zsh/bin/zsh -c /Users/run/14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d312⤵
-
-
/Users/run/14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d31/Users/run/14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d312⤵
-
-
/usr/sbin/newsyslog/usr/sbin/newsyslog1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.sysmond1⤵
-
/usr/libexec/sysmond/usr/libexec/sysmond1⤵
-
/bin/launchctl/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon1⤵
-
/bin/launchctl/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E1⤵
-
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.quicklook.satellite.EE736705-4471-497E-A1FC-F1EACD90087E 5281⤵
-
/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.quicklook.ui.helper1⤵
-
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.Terminal.21001⤵
-
/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal1⤵
-
/usr/bin/loginlogin -pf run2⤵
-
/bin/zsh-zsh3⤵
-
/usr/libexec/path_helper/usr/libexec/path_helper -s4⤵
-
-
/usr/bin/localelocale LC_CTYPE4⤵
-
-
-
-
/usr/bin/loginlogin -pf run2⤵
-
/bin/zsh-zsh3⤵
-
/usr/libexec/path_helper/usr/libexec/path_helper -s4⤵
-
-
/usr/bin/localelocale LC_CTYPE4⤵
-
-
/Users/run/14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d31/Users/run/14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d314⤵
-
-
-
-
/usr/bin/loginlogin -pf run2⤵
-
/bin/zsh-zsh3⤵
-
/usr/libexec/path_helper/usr/libexec/path_helper -s4⤵
-
-
/usr/bin/localelocale LC_CTYPE4⤵
-
-
/Users/run/14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d31/Users/run/14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d314⤵
-
-
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.metadata.mdwrite1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.AudioComponentRegistrar1⤵
-
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.quicklook.ui.helper1⤵
-
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
612B
MD571cb6c4ee7c8b2608365909b827fb49b
SHA112def7241b4bb34fba324b60b11cef8cf558730d
SHA256c32d668769cd7e273cf4e1268b14bb59930d584f6aba54d0b9d3675882879cb1
SHA5128c108a10bd015a6c1125667a3d4866ebefcef2f41a20766a300b7f7140a8615a6f752e9b74258cc0ac264ca2160f24e8f8129ad1468c5165c910346be0a163fd