Analysis
- max time kernel: 149s
- max time network: 161s
- platform: macos-10.15_amd64
- resource: macos-20241106-en
- resource tags: arch:amd64, arch:i386, image:macos-20241106-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
- submitted: 17/11/2024, 08:37
Static task
static1
Behavioral task
behavioral1
Sample
MHAudioConverter.dmg
Resource
macos-20241106-en
Behavioral task
behavioral2
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter
Resource
macos-20241101-en
Behavioral task
behavioral3
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/audio/libqtaudio_coreaudio.dylib
Resource
macos-20241106-en
Behavioral task
behavioral4
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/iconengines/libqsvgicon.dylib
Resource
macos-20241101-en
Behavioral task
behavioral5
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqgif.dylib
Resource
macos-20241106-en
Behavioral task
behavioral6
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqicns.dylib
Resource
macos-20241101-en
Behavioral task
behavioral7
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqico.dylib
Resource
macos-20241106-en
Behavioral task
behavioral8
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqjpeg.dylib
Resource
macos-20241101-en
Behavioral task
behavioral9
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacheif.dylib
Resource
macos-20241106-en
Behavioral task
behavioral10
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacjp2.dylib
Resource
macos-20241101-en
Behavioral task
behavioral11
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqsvg.dylib
Resource
macos-20241101-en
Behavioral task
behavioral12
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtga.dylib
Resource
macos-20241106-en
Behavioral task
behavioral13
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtiff.dylib
Resource
macos-20241106-en
Behavioral task
behavioral14
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwbmp.dylib
Resource
macos-20241106-en
Behavioral task
behavioral15
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwebp.dylib
Resource
macos-20241106-en
Behavioral task
behavioral16
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfcamera.dylib
Resource
macos-20241106-en
Behavioral task
behavioral17
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfmediaplayer.dylib
Resource
macos-20241101-en
Behavioral task
behavioral18
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqtmedia_audioengine.dylib
Resource
macos-20241101-en
Behavioral task
behavioral19
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/platforms/libqcocoa.dylib
Resource
macos-20241106-en
Behavioral task
behavioral20
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib
Resource
macos-20241101-en
Behavioral task
behavioral21
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/quick/libdeclarative_multimedia.dylib
Resource
macos-20241101-en
Behavioral task
behavioral22
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/Resources/qml/QtGraphicalEffects/DirectionalBlur.js
Resource
win7-20240729-en
Behavioral task
behavioral23
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/Resources/qml/QtGraphicalEffects/DirectionalBlur.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral24
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/Resources/qml/QtGraphicalEffects/FastBlur.js
Resource
win7-20240903-en
Behavioral task
behavioral25
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/Resources/qml/QtGraphicalEffects/FastBlur.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral26
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/Resources/qml/QtGraphicalEffects/GaussianBlur.js
Resource
win7-20241023-en
Behavioral task
behavioral27
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/Resources/qml/QtGraphicalEffects/GaussianBlur.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral28
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/Resources/qml/QtGraphicalEffects/RadialBlur.js
Resource
win7-20240903-en
Behavioral task
behavioral29
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/Resources/qml/QtGraphicalEffects/RadialBlur.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral30
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/Resources/qml/QtGraphicalEffects/RectangularGlow.js
Resource
win7-20241010-en
Behavioral task
behavioral31
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/Resources/qml/QtGraphicalEffects/RectangularGlow.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral32
Sample
MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/Resources/qml/QtGraphicalEffects/ZoomBlur.js
Resource
win7-20240903-en
General
- Target: MHAudioConverter.dmg
- Size: 43.5MB
- MD5: 307bafff901729560c0d6adbbf6b4a9a
- SHA1: 9215a3f82f8b7101a7a1dcb68485cb0c7fa462e6
- SHA256: f6e892385fafec46b72709116d3bfc87e802c2e7c8f05908b3c6acfc9eec09ab
- SHA512: a44b2db54ae62cdae8244057ee9cf0b1cf7b3b659252c819cd4179691b8a0172ce3eec787a1822aa220bf55151370318c8ee4db2a20fbd676bcfc673a7588653
- SSDEEP: 786432:1cYNYiz5PPnh6j8WPVCFaI3PkXb8ABaP5mBzizNbVFIJuTqUOEGIMa:1cYOiFPhQ8WQaIPuwRP5eezt7mueUOEP
Malware Config
Signatures
- Resource Forking (1 TTPs, 5 IoCs)
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
IoCs (ioc: Process):
- /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd: Process not Found
- /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper: Process not Found
- /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper: Process not Found
- /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd: Process not Found
- /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd: Process not Found
Processes
- /bin/sh
  sh -c "sudo /bin/zsh -c \"open /Volumes/MediaHuman\\ Audio\\ Converter/MediaHuman\\ Audio\\ Converter.app\"" 1⤵PID:502
- /bin/bash
  sh -c "sudo /bin/zsh -c \"open /Volumes/MediaHuman\\ Audio\\ Converter/MediaHuman\\ Audio\\ Converter.app\"" 1⤵PID:502
- /usr/bin/sudo
  sudo /bin/zsh -c "open /Volumes/MediaHuman\\ Audio\\ Converter/MediaHuman\\ Audio\\ Converter.app" 1⤵PID:502
  - /bin/zsh
    /bin/zsh -c "open /Volumes/MediaHuman\\ Audio\\ Converter/MediaHuman\\ Audio\\ Converter.app" 2⤵PID:503
  - /usr/bin/open
    open "/Volumes/MediaHuman Audio Converter/MediaHuman Audio Converter.app" 2⤵PID:503
- /usr/libexec/xpcproxy
  xpcproxy "com.mediahuman.Audio Converter.2332" 1⤵PID:508
- /Volumes/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter
  "/Volumes/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter" 1⤵PID:508
- /usr/libexec/xpcproxy
  xpcproxy com.apple.DesktopServicesHelper.92C79705-7B99-4369-9CCA-4D1D9D04F57C 1⤵PID:509
- /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
  /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper 1⤵PID:509
- /usr/libexec/xpcproxy
  xpcproxy com.apple.replayd 1⤵PID:513
- /usr/libexec/xpcproxy
  xpcproxy com.apple.ReportMemoryException 1⤵PID:514
- /usr/libexec/xpcproxy
  xpcproxy com.apple.installd 1⤵PID:516
- /usr/libexec/replayd
  /usr/libexec/replayd 1⤵PID:513
- /usr/libexec/xpcproxy
  xpcproxy com.apple.storedownloadd 1⤵PID:518
- /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
  /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd 1⤵PID:516
- /usr/libexec/xpcproxy
  xpcproxy com.apple.system_installd 1⤵PID:519
- /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
  /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd 1⤵PID:519
- /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
  /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd 1⤵PID:518
- /usr/libexec/xpcproxy
  xpcproxy com.apple.PerformanceAnalysis.animationperfd 1⤵PID:523
- /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
  /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd 1⤵PID:523
- /usr/libexec/ReportMemoryException
  /usr/libexec/ReportMemoryException 1⤵PID:514
- /usr/libexec/xpcproxy
  xpcproxy com.apple.Safari.CacheDeleteExtension 511 1⤵PID:527
- /Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
  /Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension 1⤵PID:527
- /usr/libexec/xpcproxy
  xpcproxy com.apple.DesktopServicesHelper.7B926CB5-BB6B-404D-884C-95713D5C3B2E 1⤵PID:540
- /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
  /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper 1⤵PID:540
- /usr/libexec/xpcproxy
  xpcproxy com.apple.Safari.CacheDeleteExtension 511 1⤵PID:542
- /Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
  /Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension 1⤵PID:542