Analysis

  • max time kernel
    79s
  • max time network
    105s
  • platform
    macos-10.15_amd64
  • resource
    macos-20241101-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20241101-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    26-12-2024 15:22

General

  • Target

    2024-12-26_db3aa9ee827e20e56eea7368686b7c33_adload_evilquest_rekoobe

  • Size

    168KB

  • MD5

    db3aa9ee827e20e56eea7368686b7c33

  • SHA1

    3ce8059f11aa013b406bda2c7b5671858fb0c514

  • SHA256

    e149cade0793bdd58d95fa534bf57e37e622affadb144d4c84f54021bc0d1d8a

  • SHA512

    cd010174820d6cc10ece494eb75a1ae0b5ad6db6c7adebcea0dcb3a7cd77acc374f796539f27eca23d9ecb254018b384d6ac7bee4ebfffb5b4240e1789afd7fa

  • SSDEEP

    3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9iuX0:5SeOQdaZNxtk8cqhSxvHY9i

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/2024-12-26_db3aa9ee827e20e56eea7368686b7c33_adload_evilquest_rekoobe\""
    1⤵
      PID:465
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/2024-12-26_db3aa9ee827e20e56eea7368686b7c33_adload_evilquest_rekoobe\""
      1⤵
        PID:465
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/2024-12-26_db3aa9ee827e20e56eea7368686b7c33_adload_evilquest_rekoobe
        1⤵
          PID:465
          • /bin/zsh
            /bin/zsh -c /Users/run/2024-12-26_db3aa9ee827e20e56eea7368686b7c33_adload_evilquest_rekoobe
            2⤵
              PID:467
            • /Users/run/2024-12-26_db3aa9ee827e20e56eea7368686b7c33_adload_evilquest_rekoobe
              /Users/run/2024-12-26_db3aa9ee827e20e56eea7368686b7c33_adload_evilquest_rekoobe
              2⤵
                PID:467
            • /bin/sh
              sh -c "sysctl -n hw.ncpu"
              1⤵
                PID:468
              • /bin/bash
                sh -c "sysctl -n hw.ncpu"
                1⤵
                  PID:468
                • /usr/sbin/sysctl
                  sysctl -n hw.ncpu
                  1⤵
                    PID:468

Network

MITRE ATT&CK Matrix
