General
-
Target
a.txt
-
Size
685B
-
Sample
241023-x78knsycjj
-
MD5
1583d79b507aa32fc1f4c8a43745c51c
-
SHA1
361958b50b463dfdd9ac2b0887e960e9199cbb2c
-
SHA256
2ddeb101f609f7df5ee7f2d117b001ead6f42ad9335e6043f1e68bda1ce41a36
-
SHA512
094687f2259597a30d995db4873cf77ee37a5d90cab44a62598806f32fefaf476c88636ed18349d364e3ed519d91c21bf747fbac526f98e1298882c0c3cdd466
Static task
static1
Behavioral task
behavioral1
Sample
a.txt
Resource
macos-20240711.1-en
Malware Config
Targets
-
-
Target
a.txt
-
Size
685B
-
MD5
1583d79b507aa32fc1f4c8a43745c51c
-
SHA1
361958b50b463dfdd9ac2b0887e960e9199cbb2c
-
SHA256
2ddeb101f609f7df5ee7f2d117b001ead6f42ad9335e6043f1e68bda1ce41a36
-
SHA512
094687f2259597a30d995db4873cf77ee37a5d90cab44a62598806f32fefaf476c88636ed18349d364e3ed519d91c21bf747fbac526f98e1298882c0c3cdd466
-
Path Permission
Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.
-
Exfiltration Over Alternative Protocol
Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel.
-
Queries the macOS version information.
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
-
Gatekeeper Bypass
Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as layer of Apples security model to ensure only trusted applications are executed on a host.
-
Legitimate hosting services abused for malware hosting/C2
-
File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.
-
Launch Agent
Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Hide Artifacts
1Resource Forking
1Indicator Removal
1File Deletion
1Subvert Trust Controls
1Gatekeeper Bypass
1