Resubmissions

21-11-2024 22:49

241121-2rmqgsyncx 10

21-11-2024 22:48

241121-2q8xbsyncv 10

21-11-2024 22:47

241121-2q17gsynb1 10

21-11-2024 20:46

241121-zkkw7sxnbv 10

Analysis

  • max time kernel
    1269s
  • max time network
    1801s
  • platform
    macos-10.15_amd64
  • resource
    macos-20241106-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20241106-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    21-11-2024 22:49

General

  • Target

    e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe

  • Size

    460KB

  • MD5

    1ea6c706135b5f269892ce08293181ba

  • SHA1

    18b8fc98df365b795fdf74eede58e53590084b75

  • SHA256

    e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54

  • SHA512

    81874e1314077b56782a59625db33297955d0b47514ed9115d6f0584af7b31250fa69c985e93f1c5b67c3d4c3a790a5dc3ba28325f5b8952f8e0b0bfb3e53f99

  • SSDEEP

    6144:b96ZhRWIiMiCIF1DXBVmdCeyNAxR/oLgC+j9Jbnndik1IysdF3bQQYs8bt:b96Z/niySBVmZy2vuMJJr8k1IysdZcQq

Score
4/10

Malware Config

Signatures

  • Resource Forking 1 TTPs 2 IoCs

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe\""
    PID:464
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe\""
      PID:464
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe
        PID:464
        • /bin/zsh
          /bin/zsh -c /Users/run/e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe
          PID:466
          • /Users/run/e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe
            /Users/run/e284b1829c0e0502ed5051933375c0b35c67c4f134e3122abcdf1de91cc20a54.exe
            PID:466
  • /usr/libexec/pkreporter
    /usr/libexec/pkreporter
    PID:453
  • /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
    /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
    PID:456
  • /System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
    "/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"
    PID:448
  • /System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
    /System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
    PID:450
  • /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
    "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
    PID:458
  • /usr/bin/bzip2
    /usr/bin/bzip2 -f /var/log/wifi.log.0
    PID:492
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.spindump
    PID:505
  • /usr/sbin/spindump
    /usr/sbin/spindump
    PID:505
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.diagnosticd
    PID:506
  • /usr/libexec/diagnosticd
    /usr/libexec/diagnosticd
    PID:506
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.systemstats.daily
    PID:507
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.newsyslog
    PID:508
  • /usr/sbin/newsyslog
    /usr/sbin/newsyslog
    PID:508
  • /usr/bin/bzip2
    /usr/bin/bzip2 -f /var/log/wifi.log.0
    PID:509

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /var/log/wifi.log.0

    Filesize

    126B

    MD5

    b6a96527b251aa5d7ff4f173d8b910ea

    SHA1

    827d2f0f8f85e05b0443ea827828b2e247748bbc

    SHA256

    db4361e25fa58793d0238f9d7ff25296b9b0a4e9e42aae8670b2a8c638096dbe

    SHA512

    3ebcdeaedd3d449da323a23b0bd94bc66dcacc5c09816740df16eed7c4b2048c8b32f2b1a7c824cfb67a0c65b8769c6655e646d047ed18c2a9d253e7c093216d