Overview

overview

10

Static

static

10

sample.macho

macos-10.15-amd64

7

Analysis

  • max time kernel
    27s
  • max time network
    149s
  • platform
    macos-10.15_amd64
  • resource
    macos-20241101-en
  • resource tags

    arch:amd64arch:i386image:macos-20241101-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    12-02-2025 06:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample.macho

  • Size

    14.0MB

  • MD5

    d3985e1abb572390a2ed92fc6597a8b2

  • SHA1

    7e3540e89a98ea8478d5b592a72128243f923e92

  • SHA256

    f67722ca1162917313772c74d4ca27855757b36f75945501a421f18d5a7ff0eb

  • SHA512

    d6a09799616320f48f50d1747b5a75c646029a4a1eeb984654a3e83ec5be685a3a33b397e0315f33749a56ca68b133f5da72ff42386a0de4ef70939e232de460

  • SSDEEP

    98304:8BjBNY45hUaBrTPY4N6xR0oVmcE7PGv6nuCC2k0Lwfs:8RkKTP2yoV+7ECC2f

Score
7/10

Malware Config

Signatures

  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/sample.macho\""
    1⤵
      PID:469
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/sample.macho\""
      1⤵
        PID:469
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/sample.macho
        1⤵
          PID:469
          • /bin/zsh
            /bin/zsh -c /Users/run/sample.macho
            2⤵
              PID:470
            • /Users/run/sample.macho
              /Users/run/sample.macho
              2⤵
                PID:470
            • /usr/libexec/xpcproxy
              xpcproxy com.apple.nsurlstoraged
              1⤵
                PID:474
              • /usr/libexec/nsurlstoraged
                /usr/libexec/nsurlstoraged --privileged
                1⤵
                  PID:474

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /var/db/nsurlstoraged/dafsaData.bin
                  Filesize

                  54KB

                  MD5

                  64f469698e53d0c828b7f90acd306082

                  SHA1

                  bcc041b3849e1b0b4104ffeb46002207eeac54f3

                  SHA256

                  d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd

                  SHA512

                  a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

                  Download Submit