Overview

overview

10

Static

static

10

2024-12-23...ekoobe

macos-10.15-amd64

1

Analysis

  • max time kernel
    48s
  • max time network
    124s
  • platform
    macos-10.15_amd64
  • resource
    macos-20241101-en
  • resource tags

    arch:amd64arch:i386image:macos-20241101-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    23-12-2024 14:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-12-23_ba16088a21a5974f3ab531b603e6e9e3_adload_evilquest_rekoobe

  • Size

    337KB

  • MD5

    ba16088a21a5974f3ab531b603e6e9e3

  • SHA1

    172162220ab5b99958393a6351ef584fea369216

  • SHA256

    33248506b478c13d59aeae9feb3ac5222d379af019bf2130499edd03dc0cd50e

  • SHA512

    49208e855f14e34dd1236b1fa72087b1080dc48124547a68c807c1f51e432e7100fe9db902bdb16b941b8ff91917c36661cfd5326440e7d002eff785530e64b1

  • SSDEEP

    6144:5SeOQdaZNxtk8cqhSxvHY9eSeOQdaZNxtk8cqhSxvHY9ZuZf:5LOQdaDxq8cqavHYwLOQdaDxq8cqavHY

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/2024-12-23_ba16088a21a5974f3ab531b603e6e9e3_adload_evilquest_rekoobe\""
    1⤵
      PID:473
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/2024-12-23_ba16088a21a5974f3ab531b603e6e9e3_adload_evilquest_rekoobe\""
      1⤵
        PID:473
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/2024-12-23_ba16088a21a5974f3ab531b603e6e9e3_adload_evilquest_rekoobe
        1⤵
          PID:473
          • /bin/zsh
            /bin/zsh -c /Users/run/2024-12-23_ba16088a21a5974f3ab531b603e6e9e3_adload_evilquest_rekoobe
            2⤵
              PID:474
            • /Users/run/2024-12-23_ba16088a21a5974f3ab531b603e6e9e3_adload_evilquest_rekoobe
              /Users/run/2024-12-23_ba16088a21a5974f3ab531b603e6e9e3_adload_evilquest_rekoobe
              2⤵
                PID:474
            • /bin/sh
              sh -c "sysctl -n hw.ncpu"
              1⤵
                PID:475
              • /bin/bash
                sh -c "sysctl -n hw.ncpu"
                1⤵
                  PID:475
                • /usr/sbin/sysctl
                  sysctl -n hw.ncpu
                  1⤵
                    PID:475
                  • /usr/libexec/xpcproxy
                    xpcproxy com.apple.sysmond
                    1⤵
                      PID:494
                    • /usr/libexec/sysmond
                      /usr/libexec/sysmond
                      1⤵
                        PID:494

                      Network

                      MITRE ATT&CK Matrix

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads