General
Target: .
Size: 14KB
Sample: 250328-ng2vrsxkv9
MD5: c0212db924137a13a9d05f77c80615d4
SHA1: a86cb77e87edee02c6e4a608cb351c4acd511114
SHA256: a380c0bf94cd2a468afa9f52e4153009b32aee9cab9db0f2934488f98fa86dfa
SHA512: 535466afce1bbf4eebad0cff24cdbca0210677786af0b2a90a721d150fb3e140eae61ee0dda45fdb47acb95771eee1abe231638ea0a4518e17ccbb3a39c1ac3b
SSDEEP: 192:ikqQzTr+0av+IF0qwgizuCauAl+e13u3xF+BkhzJIIMr4QJlp6x:GaTo0VAluh0ix
Static task: static1

Behavioral task: behavioral1
Sample: .js
Resource: macos-20241106-en

Behavioral task: behavioral2
Sample: .js
Resource: ubuntu1804-amd64-20240611-en

Behavioral task: behavioral3
Sample: .js
Resource: debian9-armhf-20240729-en

Behavioral task: behavioral4
Sample: .js
Resource: debian9-mipsbe-20240611-en

Behavioral task: behavioral5
Sample: .js
Resource: debian9-mipsel-20240226-en
Malware Config
Targets
Target: .
Score: 8/10
-
Path Permission
Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.
-
Gatekeeper Bypass
Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as a layer of Apple's security model to ensure only trusted applications are executed on a host.
-
File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces that indicate what was done within a network and how. Removal of these files can occur.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification: 1
Linux and Mac File and Directory Permissions Modification: 1
Hide Artifacts: 1
Resource Forking: 1
Indicator Removal: 1
File Deletion: 1
Subvert Trust Controls: 1
Gatekeeper Bypass: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1