Analysis

  • max time kernel
    78s
  • max time network
    108s
  • platform
    macos-10.15_amd64
  • resource
    macos-20241106-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20241106-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    03-12-2024 12:23

General

  • Target

    Payload/Spotify.app/Frameworks/libswiftCoreLocation.dylib

  • Size

    79KB

  • MD5

    5d044034e7f29fce4c9737e5601356b0

  • SHA1

    24d65d0796557400203f28613549b97d623a3665

  • SHA256

    521511d3d2c3f1ee5d8193ddf28ac3ce8b5b0ed2fc9486b66d925998c41282a5

  • SHA512

    9081c50aeb281f7c969736cdc73587036978de76aea7f7552ff1513ab81711365211b375961e47d85ca2735dfa69756cfa07c66b73cdb8190477739e680b66ea

  • SSDEEP

    384:EwObVLtHvM1WJtLcTVBxmW8x2baMu1zpYghfilVvxRYRIynmW88:EweZvMgJaFmXuaMu1zpYghfilVvM8

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/Payload/Spotify.app/Frameworks/libswiftCoreLocation.dylib\""
    1⤵
      PID:488
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/Payload/Spotify.app/Frameworks/libswiftCoreLocation.dylib\""
      1⤵
        PID:488
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/Payload/Spotify.app/Frameworks/libswiftCoreLocation.dylib
        1⤵
          PID:488
          • /bin/zsh
            /bin/zsh -c /Users/run/Payload/Spotify.app/Frameworks/libswiftCoreLocation.dylib
            2⤵
              PID:489
            • /Users/run/Payload/Spotify.app/Frameworks/libswiftCoreLocation.dylib
              /Users/run/Payload/Spotify.app/Frameworks/libswiftCoreLocation.dylib
              2⤵
                PID:489

Network

MITRE ATT&CK Matrix
