Resubmissions

13-01-2025 14:19

250113-rm7vravmez 1

13-01-2025 14:07

250113-re1fpsvkc1 10

09-01-2025 06:07

250109-gva6mstldl 7

Analysis

  • max time kernel
    360s
  • max time network
    286s
  • platform
    macos-10.15_amd64
  • resource
    macos-20241106-en
  • resource tags

    arch:amd64 arch:i386 image:macos-20241106-en kernel:19b77a locale:en-us os:macos-10.15-amd64 system
  • submitted
    13-01-2025 14:19

General

  • Target

    watchdog.elf

  • Size

    309KB

  • MD5

    f124e8a9e771966e3846a638be333e8d

  • SHA1

    07a3ee5d11f8c31f650de519edaa18a4c7548a9d

  • SHA256

    50dad45e91f61043118a822c13316171108c676db874ab5cfc77f149a41eba9f

  • SHA512

    a7dacb77f171b4a5f475b6523dd0f6a4da009291f4a10c35cf206bfd4d31e1a605d1266ce0d885515f5e50df7aba8dbac8975c3efb0adf0e5209c4fbf7f51131

  • SSDEEP

    6144:uyKTXNPSWNKzpsMQspTeOKPsYekmRtwqNHexsYKlJ6dQC4yV6OEfXOd:cdSD+haTbKUMmRqqNHexsYKlJ6dQCvcj

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/watchdog.elf\""
    1⤵
      PID:476
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/watchdog.elf\""
      1⤵
        PID:476
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/watchdog.elf
        1⤵
          PID:476
          • /bin/zsh
            /bin/zsh -c /Users/run/watchdog.elf
            2⤵
              PID:479
            • /Users/run/watchdog.elf
              /Users/run/watchdog.elf
              2⤵
                PID:479
            • /usr/libexec/xpcproxy
              xpcproxy com.apple.Terminal.2100
              1⤵
                PID:501
              • /System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
                /System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
                1⤵
                  PID:501
                  • /usr/bin/login
                    login -pf run
                    2⤵
                      PID:503
                      • /bin/zsh
                        -zsh
                        3⤵
                          PID:504
                          • /usr/libexec/path_helper
                            /usr/libexec/path_helper -s
                            4⤵
                              PID:505
                            • /usr/bin/locale
                              locale LC_CTYPE
                              4⤵
                                PID:506
                              • /bin/ls
                                ls
                                4⤵
                                  PID:507
                                • /usr/bin/crontab
                                  crontab
                                  4⤵
                                    PID:508
                                  • /usr/bin/crontab
                                    crontab -h
                                    4⤵
                                      PID:509
                              • /usr/libexec/xpcproxy
                                xpcproxy com.apple.Terminal.2100
                                1⤵
                                  PID:513
                                • /System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
                                  /System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
                                  1⤵
                                    PID:513
                                    • /usr/bin/login
                                      login -pf run
                                      2⤵
                                        PID:514
                                        • /bin/zsh
                                          -zsh
                                          3⤵
                                            PID:515
                                            • /usr/libexec/path_helper
                                              /usr/libexec/path_helper -s
                                              4⤵
                                                PID:516
                                              • /usr/bin/locale
                                                locale LC_CTYPE
                                                4⤵
                                                  PID:517
                                                • /bin/ls
                                                  ls
                                                  4⤵
                                                    PID:518
                                                  • ./watchdog.elf
                                                    ./watchdog.elf
                                                    4⤵
                                                      PID:519
                                                    • /bin/cat
                                                      cat watchdog.elf
                                                      4⤵
                                                        PID:520

Network

MITRE ATT&CK Matrix
