92d69b264f4f3d4c2f5ba4fd5c4700c2197b20d1ceea75c38a968be91ea6dc13 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

DocuSignWITWB.dmg

macos-10.15-amd64

8

DocuSignWI..._store

macos-10.15-amd64

1

DocuSignWI...nwitwb

macos-10.15-amd64

8

DocuSignWI...n.icns

macos-10.15-amd64

1

DocuSignWI...K3.png

macos-10.15-amd64

1

DocuSignWI...e:rsrc

macos-10.15-amd64

1

DocuSignWI...rminal

macos-10.15-amd64

1

Analysis

max time kernel
69s
max time network
152s
platform
macos-10.15_amd64
resource
macos-20241101-en
resource tags

arch:amd64arch:i386image:macos-20241101-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
20-11-2024 18:06

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

DocuSignWITWB.dmg

Resource

macos-20241106-en

discovery evasion execution exfiltration

macos-10.15-amd64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

DocuSignWITWB/.ds_store

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

DocuSignWITWB/.docusignwitwb

Resource

macos-20241106-en

evasion exfiltration

macos-10.15-amd64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

DocuSignWITWB/.VolumeIcon.icns

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

DocuSignWITWB/.background/SySbK3.png

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

DocuSignWITWB/DocuSignWITWB.file:rsrc

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

DocuSignWITWB/Terminal

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

DocuSignWITWB/.ds_store
Size

10KB
MD5

f854d3d7202a23ee18028720bfd7da24
SHA1

44fa593f8713b920aab3f078e1b82ceeb5007897
SHA256

a53477c141b8d0ca6ad4e2d924483c6da2d358e5aab7403861cfcdeebcd6eda8
SHA512

1d22737408140fc006b2e6512464a60fc83a591c576524cd9e46b53218033fe01cf4af0dd1d105f196ef9abc66fe2f4e894ebf02dec54d84f21eab9889c01fff
SSDEEP

96:C3VgcW3SF/q4t4hxpl1eCr52E7a76hxplc:C3Of3SZS1OgOOc

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/DocuSignWITWB/.ds_store\""
1⤵
PID:447

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/DocuSignWITWB/.ds_store\""
1⤵
PID:447

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/DocuSignWITWB/.ds_store
1⤵
PID:447
- /bin/zsh
  /bin/zsh -c /Users/run/DocuSignWITWB/.ds_store
  2⤵
  PID:450
- /Users/run/DocuSignWITWB/.ds_store
  /Users/run/DocuSignWITWB/.ds_store
  2⤵
  PID:450

/usr/libexec/xpcproxy
xpcproxy com.apple.nsurlstoraged
1⤵
PID:478

/usr/libexec/nsurlstoraged
/usr/libexec/nsurlstoraged --privileged
1⤵
PID:478

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/var/db/nsurlstoraged/dafsaData.bin

Filesize
54KB

MD5
64f469698e53d0c828b7f90acd306082

SHA1
bcc041b3849e1b0b4104ffeb46002207eeac54f3

SHA256
d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd

SHA512
a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Download Submit

© 2018-2025

Terms | Privacy