Analysis

  • max time kernel
    2s
  • max time network
    102s
  • platform
    macos-10.15_amd64
  • resource
    macos-20241106-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20241106-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    06/03/2025, 17:31

General

  • Target

    2025-03-06_7f58e87fe5545f641fd34a8e23022181_adload_evilquest_rekoobe

  • Size

    168KB

  • MD5

    7f58e87fe5545f641fd34a8e23022181

  • SHA1

    0ba1a70b086b09b75a10b1ab286ae59bf97c3cbf

  • SHA256

    3b072080552c05a4636e485df3ddf12052c6b95cb2345b8380632ba55670de60

  • SHA512

    5ec7d95537ae9ccbb3b670197e9fa55242ec2d3926addea0fb64ed188bc1dc4317f7f35d1d06377a7a3260781c111ffa57261fb271c7df92e1fac18e47cc773c

  • SSDEEP

    3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9dS0:5SeOQdaZNxtk8cqhSxvHY9

Score
4/10

Malware Config

Signatures

  • Resource Forking (1 TTP, 2 IoCs)

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/2025-03-06_7f58e87fe5545f641fd34a8e23022181_adload_evilquest_rekoobe\""
    1⤵
      PID:476
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/2025-03-06_7f58e87fe5545f641fd34a8e23022181_adload_evilquest_rekoobe\""
    1⤵
      PID:476
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/2025-03-06_7f58e87fe5545f641fd34a8e23022181_adload_evilquest_rekoobe
    1⤵
      PID:476
  • /bin/zsh
    /bin/zsh -c /Users/run/2025-03-06_7f58e87fe5545f641fd34a8e23022181_adload_evilquest_rekoobe
    2⤵
      PID:478
  • /Users/run/2025-03-06_7f58e87fe5545f641fd34a8e23022181_adload_evilquest_rekoobe
    /Users/run/2025-03-06_7f58e87fe5545f641fd34a8e23022181_adload_evilquest_rekoobe
    2⤵
      PID:478
  • /usr/libexec/pkreporter
    /usr/libexec/pkreporter
    1⤵
      PID:473
  • /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
    /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
    1⤵
      PID:460
  • /System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
    "/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"
    1⤵
      PID:466
  • /System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
    /System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
    1⤵
      PID:468
  • /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
    "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
    1⤵
      PID:462
  • /bin/sh
    sh -c "sysctl -n hw.ncpu"
    1⤵
      PID:479
  • /bin/bash
    sh -c "sysctl -n hw.ncpu"
    1⤵
      PID:479
  • /usr/sbin/sysctl
    sysctl -n hw.ncpu
    1⤵
      PID:479

Network

MITRE ATT&CK Enterprise v15


Downloads