Resubmissions
21-11-2024 22:49
241121-2rmqgsyncx 1021-11-2024 22:48
241121-2q8xbsyncv 1021-11-2024 22:47
241121-2q17gsynb1 1021-11-2024 20:46
241121-zkkw7sxnbv 10Analysis
-
max time kernel
1269s -
max time network
1801s -
platform
macos-10.15_amd64 -
resource
macos-20241106-en -
resource tags
arch:amd64arch:i386image:macos-20241106-enkernel:19b77alocale:en-usos:macos-10.15-amd64system -
submitted
21-11-2024 22:49
Static task
static1
Behavioral task
behavioral1
Sample
e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe
Resource
macos-20241106-en
Behavioral task
behavioral4
Sample
e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral5
Sample
e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral6
Sample
e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral7
Sample
e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe
Resource
debian9-mipsel-20240729-en
General
-
Target
e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe
-
Size
460KB
-
MD5
1ea6c706135b5f269892ce08293181ba
-
SHA1
18b8fc98df365b795fdf74eede58e53590084b75
-
SHA256
e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54
-
SHA512
81874e1314077b56782a59625db33297955d0b47514ed9115d6f0584af7b31250fa69c985e93f1c5b67c3d4c3a790a5dc3ba28325f5b8952f8e0b0bfb3e53f99
-
SSDEEP
6144:b96ZhRWIiMiCIF1DXBVmdCeyNAxR/oLgC+j9Jbnndik1IysdF3bQQYs8bt:b96Z/niySBVmZy2vuMJJr8k1IysdZcQq
Malware Config
Signatures
-
Resource Forking 1 TTPs 2 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
ioc Process /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer Process not Found "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck Process not Found
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe\""1⤵PID:464
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe\""1⤵PID:464
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe1⤵PID:464
-
/bin/zsh/bin/zsh -c /Users/run/e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe2⤵PID:466
-
-
/Users/run/e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe/Users/run/e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe2⤵PID:466
-
-
/usr/libexec/pkreporter/usr/libexec/pkreporter1⤵PID:453
-
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer1⤵PID:456
-
/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"1⤵PID:448
-
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd1⤵PID:450
-
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck1⤵PID:458
-
/usr/bin/bzip2/usr/bin/bzip2 -f /var/log/wifi.log.01⤵PID:492
-
/usr/libexec/xpcproxyxpcproxy com.apple.spindump1⤵PID:505
-
/usr/sbin/spindump/usr/sbin/spindump1⤵PID:505
-
/usr/libexec/xpcproxyxpcproxy com.apple.diagnosticd1⤵PID:506
-
/usr/libexec/diagnosticd/usr/libexec/diagnosticd1⤵PID:506
-
/usr/libexec/xpcproxyxpcproxy com.apple.systemstats.daily1⤵PID:507
-
/usr/libexec/xpcproxyxpcproxy com.apple.newsyslog1⤵PID:508
-
/usr/sbin/newsyslog/usr/sbin/newsyslog1⤵PID:508
-
/usr/bin/bzip2/usr/bin/bzip2 -f /var/log/wifi.log.01⤵PID:509
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
126B
MD5b6a96527b251aa5d7ff4f173d8b910ea
SHA1827d2f0f8f85e05b0443ea827828b2e247748bbc
SHA256db4361e25fa58793d0238f9d7ff25296b9b0a4e9e42aae8670b2a8c638096dbe
SHA5123ebcdeaedd3d449da323a23b0bd94bc66dcacc5c09816740df16eed7c4b2048c8b32f2b1a7c824cfb67a0c65b8769c6655e646d047ed18c2a9d253e7c093216d