General

  • Target

    Figma.dmg

  • Size

    1.9MB

  • Sample

    250220-g6d2nsymap

  • MD5

    580d009f10c6c34765b0e61edd2de1ae

  • SHA1

    5e5a735e353b75036d9d96b8456710dd08747047

  • SHA256

    9a0b87d549c79c073c3bea352267f5e353c0d09e4be6b93db79ad14bb8c6c398

  • SHA512

    acc2a9ff032e669689452ff2737e1ff5a218889527562df503db83372497a085042212f8b51524341d5e76be72b654bef1ee990753b08c0c14bf325188bae850

  • SSDEEP

    49152:4NDO5qdoAVlqK+teg5tZHaUyMMf0455Gq2r7BnBg55UTN+thv7KJp:4NDO5qdR8tewL4xf0iqrpBw5qcve

Malware Config

Targets

    • Target

      Figma.dmg

    • Size

      1.9MB

    • MD5

      580d009f10c6c34765b0e61edd2de1ae

    • SHA1

      5e5a735e353b75036d9d96b8456710dd08747047

    • SHA256

      9a0b87d549c79c073c3bea352267f5e353c0d09e4be6b93db79ad14bb8c6c398

    • SHA512

      acc2a9ff032e669689452ff2737e1ff5a218889527562df503db83372497a085042212f8b51524341d5e76be72b654bef1ee990753b08c0c14bf325188bae850

    • SSDEEP

      49152:4NDO5qdoAVlqK+teg5tZHaUyMMf0455Gq2r7BnBg55UTN+thv7KJp:4NDO5qdR8tewL4xf0iqrpBw5qcve

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

    • Meduza Stealer payload

    • Meduza family

    • Path Permission

      Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.

    • Gatekeeper Bypass

      Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as a layer of Apple's security model to ensure only trusted applications are executed on a host.

    • File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces that indicate what was done within a network and how. Removal of these files can occur.

    • Target

      Figma/Figma.app/Contents/MacOS/DynamicUniversalApp

    • Size

      200KB

    • MD5

      dcc30afa7f07f008f09c6c427c8d702f

    • SHA1

      037c4830a4451055ab745f0b4e3593dda3440b8e

    • SHA256

      8c9621b8b2ab17fd35d1a704c4c3a9dfe311e2e23dc3bd10388aa77646b4ab67

    • SHA512

      f0d139a35070234c2209d80e4814db67a4781995d57626741d96098655d6381c8c57086d0aaed1d38206b1ca7cb4c8cd1fc88c3269ca6b3a5ad8bdd74aa6d0fd

    • SSDEEP

      3072:D42FYXpCUHRoy2FHrJzzl4woO2V01s6c:DlFY5Doy23zB7oI17c

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks