Analysis
-
max time kernel
138s -
max time network
104s -
platform
macos-10.15_amd64 -
resource
macos-20241101-en -
resource tags
-
submitted
21-11-2024 04:15
General
-
Target
3803279044bccd2aaa4ce2d71960ef60e5fa99ff159975cc506096ee2fec4218.scpt
-
Size
17KB
-
MD5
1f77f846d3014a6b91e7ba601cec7512
-
SHA1
51ef05c84eea3dde149a5dd3ea9916a824e95afc
-
SHA256
3803279044bccd2aaa4ce2d71960ef60e5fa99ff159975cc506096ee2fec4218
-
SHA512
6bd8757179b736a239fbd2e5f4e3bdbee52d4d47a968b672ae0d1db5c9c366cd77c1232cf5f99079fdc5bed6abe8985acc25918c5af18891d1833b59aa763c7e
-
SSDEEP
192:SK4zm3TnXEgm3TytbVrT+iiMQuCPX8zYDLsw8IWYgoc30OZb1bFE96MRk+02Og0o:SDUVRaUsYw8hqGbFE96Yk+Lu1Dhk0W7
Score
8/10
Malware Config
Signatures
-
Identifies hardware specifics through system_profiler 2 IoCs
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"osascript /Users/run/3803279044bccd2aaa4ce2d71960ef60e5fa99ff159975cc506096ee2fec4218.scpt\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"osascript /Users/run/3803279044bccd2aaa4ce2d71960ef60e5fa99ff159975cc506096ee2fec4218.scpt\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c "osascript /Users/run/3803279044bccd2aaa4ce2d71960ef60e5fa99ff159975cc506096ee2fec4218.scpt"1⤵
-
/bin/zsh/bin/zsh -c "osascript /Users/run/3803279044bccd2aaa4ce2d71960ef60e5fa99ff159975cc506096ee2fec4218.scpt"2⤵
-
-
/usr/bin/osascriptosascript /Users/run/3803279044bccd2aaa4ce2d71960ef60e5fa99ff159975cc506096ee2fec4218.scpt2⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.Terminal.18041⤵
-
/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal1⤵
-
/usr/bin/loginlogin -pf run2⤵
-
/bin/zsh-zsh3⤵
-
/usr/libexec/path_helper/usr/libexec/path_helper -s4⤵
-
-
/usr/bin/localelocale LC_CTYPE4⤵
-
-
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.systemsoundserverd1⤵
-
/usr/sbin/systemsoundserverd/usr/sbin/systemsoundserverd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.AccountPolicyHelper1⤵
-
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.AudioComponentRegistrar1⤵
-
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.sysmond1⤵
-
/usr/libexec/sysmond/usr/libexec/sysmond1⤵
-
/bin/shsh -c "echo \$((RANDOM % 9000 + 1000))"1⤵
-
/bin/bashsh -c "echo \$((RANDOM % 9000 + 1000))"1⤵
-
/bin/shsh -c "system_profiler SPSoftwareDataType SPHardwareDataType SPDisplaysDataType"1⤵
-
/bin/bashsh -c "system_profiler SPSoftwareDataType SPHardwareDataType SPDisplaysDataType"1⤵
-
/usr/sbin/system_profilersystem_profiler SPSoftwareDataType SPHardwareDataType SPDisplaysDataType1⤵
-
/usr/bin/csrutil/usr/bin/csrutil status1⤵
-
/bin/shsh -c "mkdir -p '/tmp/4424'"1⤵
-
/bin/bashsh -c "mkdir -p '/tmp/4424'"1⤵
-
/bin/mkdirmkdir -p /tmp/44241⤵
-
/bin/shsh -c "dscl . authonly 'root' ''"1⤵
-
/bin/bashsh -c "dscl . authonly 'root' ''"1⤵
-
/usr/bin/dscldscl . authonly root1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.ViewBridgeAuxiliary1⤵
-
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e