Analysis

  • max time kernel
    64s
  • max time network
    104s
  • platform
    macos-10.15_amd64
  • resource
    macos-20241106-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20241106-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    28/03/2025, 09:16 UTC

General

  • Target

    Snaptik.app_7482572230199741751.mp4

  • Size

    2.3MB

  • MD5

    2991af75fee6dd698e73564d0e2c4cb3

  • SHA1

    7a011a82374b46e51982ea881e6585967180dfd3

  • SHA256

    46765a5fbfe09f86ab4786d0133d01b6efa0eb12b70c719e309f728f13c7b986

  • SHA512

    4f01ec5b02138ff52ecead89bb619adb4b782d32c47e183c51951c717d6dbce90dcfc13dcd455b016c8d3de52d44668ac3d7f768655462d6302c9386ea496894

  • SSDEEP

    49152:uRHsYpdBjp+7/cFVxku5qRsgt6xQiqeXvaWG0cYsFoyPIc:u9s43A/sk2ct/ZeCWQ9PPIc

Score
4/10

Malware Config

Signatures

  • Resource Forking 1 TTPs 2 IoCs

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code (MITRE ATT&CK T1564.009, Hide Artifacts: Resource Forking). Note that the hashes listed under General are computed over the data fork only; on macOS the resource fork is a separate stream (the com.apple.ResourceFork extended attribute, readable as <file>/..namedfork/rsrc and listed by xattr -l), so it has to be pulled and inspected on its own.
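
    As an added example (not code from the sandbox or from the analysed sample), the following Python parses a resource fork in the classic Resource Manager layout and flags resources whose type or leading bytes suggest executable code rather than icons or dialog templates. On macOS the bytes to feed it come from <file>/..namedfork/rsrc. The set of code-bearing types, the magic values and the sample fork are assumptions of this example; the sample is constructed inline so the script runs offline.

```python
"""Resource fork parser and triage check (added example, not from the analysed
sample). Layout: 16-byte header, length-prefixed resource data, then a resource
map holding the type list, per-type reference lists and a Pascal-string name
list. SAMPLE_FORK is constructed for demonstration."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

DATA_START = 256   # header (16 bytes) + reserved/application area; conventional start of resource data
MAP_FIXED = 28     # header copy (16) + next-map handle (4) + file ref (2) + attrs (2) + type/name list offsets (4)
NO_NAME = 0xFFFF   # name-list offset is -1 (0xFFFF unsigned) for unnamed resources
# Types that classically carried machine code (illustrative set, an assumption of this example).
CODE_TYPES = {b"CODE", b"INIT", b"DRVR", b"cdev", b"XCMD", b"XFCN"}
# Mach-O thin magic in both byte orders, the fat/universal magic, and a script shebang.
EXEC_MAGIC = (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
              b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe", b"#!")


@dataclass
class Resource:
    rtype: bytes
    rid: int
    name: Optional[str]
    attrs: int
    data: bytes


def build_resource_fork(resources) -> bytes:
    """Serialise [(type, id, name_or_None, data)] into a fork; used here only to construct sample input."""
    data_sec, entries, names, name_off = bytearray(), [], bytearray(), {}
    for rtype, rid, name, blob in resources:
        assert len(rtype) == 4, "resource types are exactly four bytes"
        entries.append((rtype, rid, len(data_sec)))
        data_sec += struct.pack(">I", len(blob)) + blob
        if name is not None:
            name_off[(rtype, rid)] = len(names)
            enc = name.encode("mac_roman")
            names += bytes([len(enc)]) + enc
    types = list(dict.fromkeys(e[0] for e in entries))
    type_list_len = 2 + 8 * len(types)
    type_list, ref_lists = struct.pack(">H", len(types) - 1), bytearray()
    for rtype in types:
        refs = [e for e in entries if e[0] == rtype]
        # the reference-list offset is measured from the start of the type list
        type_list += rtype + struct.pack(">HH", len(refs) - 1, type_list_len + len(ref_lists))
        for _, rid, doff in refs:
            ref_lists += struct.pack(">hH", rid, name_off.get((rtype, rid), NO_NAME))
            ref_lists += b"\x00" + doff.to_bytes(3, "big") + b"\x00" * 4  # attrs, 24-bit data offset, handle
    map_len = MAP_FIXED + type_list_len + len(ref_lists) + len(names)
    header = struct.pack(">IIII", DATA_START, DATA_START + len(data_sec), len(data_sec), map_len)
    map_sec = header + struct.pack(">IHHHH", 0, 0, 0, MAP_FIXED, MAP_FIXED + type_list_len + len(ref_lists))
    return header + bytes(DATA_START - 16) + bytes(data_sec) + map_sec + type_list + bytes(ref_lists) + bytes(names)


def parse_resource_fork(fork: bytes) -> List[Resource]:
    """Walk header -> map -> type list -> reference lists, bounds-checking offsets against the fork."""
    data_off, map_off, data_len, map_len = struct.unpack_from(">IIII", fork, 0)
    if data_off + data_len > len(fork) or map_off + map_len > len(fork) or map_len < MAP_FIXED:
        raise ValueError("header offsets/lengths exceed the fork")
    type_list_off, name_list_off = struct.unpack_from(">HH", fork, map_off + 24)
    type_list, name_list = map_off + type_list_off, map_off + name_list_off
    (n_types,) = struct.unpack_from(">H", fork, type_list)          # stored as count - 1
    out = []
    for i in range(n_types + 1):
        rtype, n_res, ref_off = struct.unpack_from(">4sHH", fork, type_list + 2 + 8 * i)
        for j in range(n_res + 1):
            rid, noff, attrs, hi, lo = struct.unpack_from(">hHBBH", fork, type_list + ref_off + 12 * j)
            doff = (hi << 16) | lo                                   # 24-bit offset into the data section
            if doff + 4 > data_len:
                raise ValueError(f"resource {rtype!r} {rid} points outside the data section")
            (length,) = struct.unpack_from(">I", fork, data_off + doff)
            start = data_off + doff + 4
            if start + length > data_off + data_len:
                raise ValueError(f"resource {rtype!r} {rid} overruns the data section")
            name = None
            if noff != NO_NAME:
                nlen = fork[name_list + noff]
                name = fork[name_list + noff + 1:name_list + noff + 1 + nlen].decode("mac_roman")
            out.append(Resource(rtype, rid, name, attrs, fork[start:start + length]))
    return out


def flag_executable_resources(resources: List[Resource]) -> List[Tuple[bytes, int, str]]:
    """Return (type, id, reason) for resources whose type or leading bytes suggest code rather than UI data."""
    findings = []
    for r in resources:
        if r.rtype in CODE_TYPES:
            findings.append((r.rtype, r.rid, "code-bearing resource type"))
        elif r.data.startswith(EXEC_MAGIC):
            findings.append((r.rtype, r.rid, "executable/script magic in resource data"))
    return findings


# Constructed sample: a benign-looking icon resource next to a 'CODE' resource whose data opens with Mach-O magic.
SAMPLE_FORK = build_resource_fork([
    (b"icns", 128, "app icon", b"icns" + b"\x00" * 12),
    (b"CODE", 0, "payload", b"\xcf\xfa\xed\xfe" + b"\x90" * 28),
])

if __name__ == "__main__":
    parsed = parse_resource_fork(SAMPLE_FORK)
    for r in parsed:
        print(f"{r.rtype.decode('mac_roman')} id={r.rid} name={r.name!r} size={len(r.data)}")
    print(flag_executable_resources(parsed))
```

    To run it against a real file on macOS, read the bytes of <file>/..namedfork/rsrc and pass them to parse_resource_fork; an empty read means the file carries no resource fork. The type list is only a first filter: a payload stashed under an innocuous type such as 'icns' is caught by the magic check, and anything large or unnamed is worth dumping and hashing separately, since the data-fork hashes in the report above do not cover it.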

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/Snaptik.app_7482572230199741751.mp4\""
    1⤵
    PID:456
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/Snaptik.app_7482572230199741751.mp4\""
    1⤵
    PID:456
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/Snaptik.app_7482572230199741751.mp4
    1⤵
    PID:456
    • /bin/zsh
      /bin/zsh -c /Users/run/Snaptik.app_7482572230199741751.mp4
      2⤵
      PID:459
    • /Users/run/Snaptik.app_7482572230199741751.mp4
      /Users/run/Snaptik.app_7482572230199741751.mp4
      2⤵
      PID:459
  • /usr/libexec/pkreporter
    /usr/libexec/pkreporter
    1⤵
    PID:444
  • /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
    /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
    1⤵
    PID:451
  • /System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
    /System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
    1⤵
    PID:447
  • /System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
    "/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"
    1⤵
    PID:442
  • /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
    "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
    1⤵
    PID:454
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.audio.AudioComponentRegistrar
    1⤵
    PID:484
  • /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
    /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
    1⤵
    PID:484
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.nsurlstoraged
    1⤵
    PID:493
  • /usr/libexec/nsurlstoraged
    /usr/libexec/nsurlstoraged --privileged
    1⤵
    PID:493

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /var/db/nsurlstoraged/dafsaData.bin

    Filesize
    54KB

    MD5
    64f469698e53d0c828b7f90acd306082

    SHA1
    bcc041b3849e1b0b4104ffeb46002207eeac54f3

    SHA256
    d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd

    SHA512
    a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f
