Analysis
-
max time kernel
231s -
max time network
241s -
platform
macos-10.15_amd64 -
resource
macos-20241101-en -
resource tags
-
submitted
28/03/2025, 10:51
General
-
Target
JetBrains_PyCharm_Professional_2023.1.2/pycharm-professional-2023.1.2.dmg
-
Size
670.6MB
-
MD5
61e6ca28053b2c135b4e6f98202832aa
-
SHA1
0aecf7bce88ae1f0e6111299ce9fbc4883d0c654
-
SHA256
46d8c03dd18de5a87837f3a437ae05ad7ad1ba3d61d742cef5124a30f5aa1109
-
SHA512
29e85989bce02138388740a14169b2cd745c66466a5870a0f1b90845867e8741bb165278c27ba3fa767afeaa0abe9ea404e52ea069676918ad7cbff6dd863ac7
-
SSDEEP
12582912:ikLkHpL7HG6kzAUHzF10ZipcA/fOxx74bCvJPUvMrMj9Z4:dk06kEU8Za/01JsXRZ
Score
4/10
Malware Config
Signatures
-
Resource Forking 1 TTPs 4 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"open /Volumes/PyCharm/PyCharm.app\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"open /Volumes/PyCharm/PyCharm.app\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c "open /Volumes/PyCharm/PyCharm.app"1⤵
-
/bin/zsh/bin/zsh -c "open /Volumes/PyCharm/PyCharm.app"2⤵
-
-
/usr/bin/openopen /Volumes/PyCharm/PyCharm.app2⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.jetbrains.pycharm.23241⤵
-
/Volumes/PyCharm/PyCharm.app/Contents/MacOS/pycharm/Volumes/PyCharm/PyCharm.app/Contents/MacOS/pycharm1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.replayd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportMemoryException1⤵
-
/usr/libexec/replayd/usr/libexec/replayd1⤵
-
/usr/libexec/ReportMemoryException/usr/libexec/ReportMemoryException1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.spindump1⤵
-
/usr/sbin/spindump/usr/sbin/spindump1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.spindump_agent1⤵
-
/usr/libexec/spindump_agent/usr/libexec/spindump_agent1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.installd1⤵
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.DesktopServicesHelper.713922E8-1625-42B8-8B14-414198DB9E641⤵
-
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.storedownloadd1⤵
-
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.system_installd1⤵
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.CacheDeleteExtension 5021⤵
-
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.DiagnosticReportCleanup.plist1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportMemoryException1⤵
-
/usr/libexec/ReportMemoryException/usr/libexec/ReportMemoryException1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.CacheDeleteExtension 5021⤵