Overview

overview

10

Static

static

10

2025-03-08...ekoobe

macos-10.15-amd64

1

Analysis

  • max time kernel
    150s
  • max time network
    106s
  • platform
    macos-10.15_amd64
  • resource
    macos-20241106-en
  • resource tags

    arch:amd64arch:i386image:macos-20241106-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    08/03/2025, 01:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-03-08_2cb9465d048f06d296869452df280d07_adload_lckmac_poet-rat_rekoobe

  • Size

    3.0MB

  • MD5

    2cb9465d048f06d296869452df280d07

  • SHA1

    d0931b1e412d38c061e0a0829d50d24e75bd79c2

  • SHA256

    31059bd23ea23f951173448224a234779f7d156af2a3e05ba1ed6ca5969d1449

  • SHA512

    3ab6a6679cd0f145cd4d671336b66f67ae854960c85452e298926b2f01934256639d3ae6edf21087aa74dfaac88720feaf198d1d9e66b5123156c72545638492

  • SSDEEP

    49152:ZguJx3jLj7BBmM5EW6djOp7b9rZpgcMiw04Zp:px3LEfjA9NHwZZp

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/2025-03-08_2cb9465d048f06d296869452df280d07_adload_lckmac_poet-rat_rekoobe\""
    1⤵
      PID:460
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/2025-03-08_2cb9465d048f06d296869452df280d07_adload_lckmac_poet-rat_rekoobe\""
      1⤵
        PID:460
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/2025-03-08_2cb9465d048f06d296869452df280d07_adload_lckmac_poet-rat_rekoobe
        1⤵
          PID:460
          • /bin/zsh
            /bin/zsh -c /Users/run/2025-03-08_2cb9465d048f06d296869452df280d07_adload_lckmac_poet-rat_rekoobe
            2⤵
              PID:461
            • /Users/run/2025-03-08_2cb9465d048f06d296869452df280d07_adload_lckmac_poet-rat_rekoobe
              /Users/run/2025-03-08_2cb9465d048f06d296869452df280d07_adload_lckmac_poet-rat_rekoobe
              2⤵
                PID:461
            • /usr/libexec/xpcproxy
              xpcproxy com.apple.quicklook.satellite.D3E1A994-FDED-40CF-BECD-501B584F80C2 462
              1⤵
                PID:464
              • /System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
                /System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
                1⤵
                  PID:464
                • /usr/libexec/xpcproxy
                  xpcproxy com.apple.spindump
                  1⤵
                    PID:491
                  • /usr/sbin/spindump
                    /usr/sbin/spindump
                    1⤵
                      PID:491
                    • /usr/libexec/xpcproxy
                      xpcproxy com.apple.nsurlstoraged
                      1⤵
                        PID:495
                      • /usr/libexec/nsurlstoraged
                        /usr/libexec/nsurlstoraged --privileged
                        1⤵
                          PID:495
                        • /usr/libexec/xpcproxy
                          xpcproxy com.apple.colorsync.useragent
                          1⤵
                            PID:502
                          • /System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent
                            /System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent
                            1⤵
                              PID:502

                            Network

                            MITRE ATT&CK Matrix

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • /Library/Logs/DiagnosticReports/2025-03-08_2cb9465d048f06d296869452df280d07_adload_lckmac_poet-r_2025-03-08-010336_tests-iMac.wakeups_resource.diag
                              Filesize

                              4KB

                              MD5

                              df1f0d8554b0313b0ca026950f2f0853

                              SHA1

                              5340a9aa2906f46418e3687b526a998ab99edda6

                              SHA256

                              4e8e20da03e67fc86b997517c023434cfbcb80ec3ca0901162dd88db6ffe3bd0

                              SHA512

                              683b92fab6121f32aca7a3f427ad3c9467ebfba4d6f20714899ff3abb7de4b3bb8827a0625412376d0eaff7c1a307cd75d95d48feda78199caac748b12d5a488

                              Download Submit

                            • /Users/run/Desktop/encrypted_master_key.txt
                              Filesize

                              693B

                              MD5

                              e90cd9fa8d7abb4552b3222fef24a9c3

                              SHA1

                              a327fba3e6cd74cc75ca211f56fa2a043d8e5c10

                              SHA256

                              7d36bc54e3c53219a45583f05e584f9d9520e91ff38eed2d2204e140899b9c49

                              SHA512

                              71e043ef74e897bfdb3dad663b11e27dda2c27ded6d2ee7b274e898f421e76dad1265209fc19760a6fe0c6c2b47d29bc0f45cb76db36293e9d52f1411fbeab00

                              Download Submit

                            • /var/db/nsurlstoraged/dafsaData.bin
                              Filesize

                              54KB

                              MD5

                              64f469698e53d0c828b7f90acd306082

                              SHA1

                              bcc041b3849e1b0b4104ffeb46002207eeac54f3

                              SHA256

                              d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd

                              SHA512

                              a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

                              Download Submit