1342910e62ee07f6c05b218accc2801d97ba22b5a287e393aa22422b86201d3f

Resubmissions

16/01/2025, 19:41

250116-yefvmawpcp 10

16/01/2025, 15:26

250116-st6rpsxmgj 10

16/01/2025, 08:39

250116-kkqp5a1rbv 10

Analysis

max time kernel
70s
max time network
106s
platform
macos-10.15_amd64
resource
macos-20241101-en
resource tags

arch:amd64arch:i386image:macos-20241101-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
16/01/2025, 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_70f9a755aa03e1e20ab6a4746530f24b.exe
Size

667KB
MD5

70f9a755aa03e1e20ab6a4746530f24b
SHA1

5caa383a0843e59474c17dbbe431b84b486eee70
SHA256

1342910e62ee07f6c05b218accc2801d97ba22b5a287e393aa22422b86201d3f
SHA512

77c229074fdd172ec9e579d9fb5b1977557744bc54e3bbada3150659e0b36ae9516491adad78e15f70fd4c3c8c060ae22d4f16a3704aef68d429d4a6fec235f8
SSDEEP

12288:WbMqmxEEb4E9F/ATyGv4XKGQi2lJLm1Giizl6oAlpxElrW1A:WIPEEb4Ev/ATEXKGVnGTzpA1Ec1A

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 2 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer	Process not Found
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck	Process not Found

/usr/libexec/pkreporter
/usr/libexec/pkreporter
1⤵
PID:431

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
1⤵
PID:434

/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"
1⤵
PID:440

/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
1⤵
PID:443

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/JaffaCakes118_70f9a755aa03e1e20ab6a4746530f24b.exe\""
1⤵
PID:447

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/JaffaCakes118_70f9a755aa03e1e20ab6a4746530f24b.exe\""
1⤵
PID:447

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/JaffaCakes118_70f9a755aa03e1e20ab6a4746530f24b.exe
1⤵
PID:447
- /bin/zsh
  /bin/zsh -c /Users/run/JaffaCakes118_70f9a755aa03e1e20ab6a4746530f24b.exe
  2⤵
  PID:449
- /Users/run/JaffaCakes118_70f9a755aa03e1e20ab6a4746530f24b.exe
  /Users/run/JaffaCakes118_70f9a755aa03e1e20ab6a4746530f24b.exe
  2⤵
  PID:449

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
1⤵
PID:436

/usr/libexec/xpcproxy
xpcproxy com.apple.nsurlstoraged
1⤵
PID:479

/usr/libexec/nsurlstoraged
/usr/libexec/nsurlstoraged --privileged
1⤵
PID:479

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/var/db/nsurlstoraged/dafsaData.bin

Filesize
54KB

MD5
64f469698e53d0c828b7f90acd306082

SHA1
bcc041b3849e1b0b4104ffeb46002207eeac54f3

SHA256
d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd

SHA512
a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Download Submit