Scribd
Upload
30 views

malware_analysis_report

The malware analysis report indicates that the file '[✨ NETFLIX ✨] ⚡️2X NETFLIX PREMIUM COOKIES ⚡ NETFLIX PREMIUM COOKIES⚡.txt' is likely benign with a score of 4/10. The analysis includes details on evasion tactics and various command line processes associated with the file. Network activity shows connections to multiple domains, primarily involving Google and Apple services.

Uploaded by

prabhjot arora
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
30 views

malware_analysis_report

The malware analysis report indicates that the file '[✨ NETFLIX ✨] ⚡️2X NETFLIX PREMIUM COOKIES ⚡ NETFLIX PREMIUM COOKIES⚡.txt' is likely benign with a score of 4/10. The analysis includes details on evasion tactics and various command line processes associated with the file. Network activity shows connections to multiple domains, primarily involving Google and Apple services.

Uploaded by

prabhjot arora
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

Malware Analysis Report

2025-04-03 09:21

Sample ID 240415-trm29aaf98 score

[✨ NETFLIX ✨] ⚡️2X NETFLIX PREMIUM COOKIES ⚡ NETFLIX

4
Target
PREMIUM COOKIES⚡.txt /10
SHA256 cdba7b5aba4ebcfa1564d8efc70a08029fe8252a1624221bed0cc215d99f6465
Tags evasion
Table of Contents
Part 1. Analysis Overview

Part 2. MITRE ATT&CK


2. 1. Enterprise Matrix V15

Part 3. Analysis: static1


3. 1. Detonation Overview

3. 2. Signatures

Part 4. Analysis: behavioral1


4. 1. Detonation Overview

4. 2. Command Line

4. 3. Signatures

4. 4. Processes

4. 5. Network

4. 6. Files
Part 1. Analysis Overview
score SHA256
cdba7b5aba4ebcfa1564d8efc70a08029fe8252a1624221bed0cc215d99f6465

4 /10

Threat Level: Likely benign

The file [✨ NETFLIX ✨] ⚡️2X NETFLIX PREMIUM COOKIES ⚡ NETFLIX PREMIUM COOKIES⚡.txt was found to be: Likely benign.

Malicious Activity Summary

evasion

Resource Forking
Part 2. MITRE ATT&CK
2. 1. Enterprise Matrix V15
Reconnaissance
TA0043

Resource Development
TA0042

Initial Access
TA0001

Execution
TA0002

Persistence
TA0003

Privilege Escalation
TA0004

Defense Evasion Hide Artifacts


TA0005 T1564

Resource Forking T1564.009

Credential Access
TA0006

Discovery
TA0007

Lateral Movement
TA0008

Collection
TA0009

Command and Control


TA0011

Exfiltration
TA0010

Impact
TA0040
Part 3. Analysis: static1
3. 1. Detonation Overview

Reported
2024-04-15 16:17

3. 2. Signatures
N/A
Part 4. Analysis: behavioral1
4. 1. Detonation Overview

Submitted Reported Platform Max time kernel Max time network


2024-04-15 16:17 2024-04-15 16:19 macos-20240410-en 106s 92s

4. 2. Command Line

[sh -c sudo /bin/zsh -c "/Users/run/[✨ NETFLIX ✨] ⚡️2X NETFLIX PREMIUM COOKIES ⚡ NETFLIX PREMIUM COOKIES⚡.txt"]

4. 3. Signatures
Resource Forking
evasion

Description Indicator Process Target


N/A /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref N/A N/A
N/A /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool N/A N/A
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettings
N/A N/A N/A
VisibilityCheckTool
N/A /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool N/A N/A
N/A /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck N/A N/A

4. 4. Processes

/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/[✨ NETFLIX ✨] ⚡️2X NETFLIX PREMIUM COOKIES ⚡ NETFLIX PREMIUM COOKIES⚡.txt"]

/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/[✨ NETFLIX ✨] ⚡️2X NETFLIX PREMIUM COOKIES ⚡ NETFLIX PREMIUM COOKIES⚡.txt"]

/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/[✨ NETFLIX ✨] ⚡️2X NETFLIX PREMIUM COOKIES ⚡ NETFLIX PREMIUM COOKIES⚡.txt]

/bin/zsh
[/bin/zsh -c /Users/run/[✨ NETFLIX ✨] ⚡️2X NETFLIX PREMIUM COOKIES ⚡ NETFLIX PREMIUM COOKIES⚡.txt]

/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater0BF23177/OneDrive.app]

/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.2028]

/Applications/Safari.app/Contents/MacOS/Safari
[/Applications/Safari.app/Contents/MacOS/Safari]

/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.History]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/
[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari

/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.D3EA9533-4F96-4F59-8420-4ABF7380A151 512]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.a
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.5C9CDC60-FF9F-458E-B13B-5BE1BD867E81 512]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.a
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.SearchHelper 512]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/M
[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.S

/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.SafeBrowsing.Service]

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
[/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service]

/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.A1A83322-371C-4257-AF0C-95C09B48D1CB 512]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.a
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.D2DC9287-56CF-4D5A-A293-EFD8EA570575 512]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.a
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.2577BD68-A2AF-40A5-B55F-26B2B086CCF4 512]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.a
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.63A15C6C-3BE9-4E21-8BA9-7636362ABFDF 512]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.a
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

/usr/libexec/xpcproxy
[xpcproxy com.apple.systempreferences.2140]

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences


[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]

/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountProfileRemoteViewService 544]

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/Mac
[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRem
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]

/usr/libexec/xpcproxy
[xpcproxy com.apple.nfcd]

/usr/libexec/nfcd
[/usr/libexec/nfcd]

/usr/libexec/xpcproxy
[xpcproxy com.apple.studentd]

/usr/libexec/studentd
[/usr/libexec/studentd]

/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]

/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy
[xpcproxy com.apple.preference.keyboard.remoteservice 544]

/System/Library/PreferencePanes/Keyboard.prefPane/Contents/XPCServices/Keyboard.remoteservice.xpc/Contents/MacOS/Keyboard
[/System/Library/PreferencePanes/Keyboard.prefPane/Contents/XPCServices/Keyboard.remoteservice.xpc/Contents/MacOS/Keyboard.remoteservice]

/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]

/usr/sbin/spindump
[/usr/sbin/spindump]

/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent
[/usr/libexec/spindump_agent]

/usr/libexec/xpcproxy
[xpcproxy com.apple.metadata.mdwrite]

4. 5. Network
Country Destination Domain Proto
US 151.101.67.6:443 tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.73.27:443 tcp
US 8.8.8.8:53 api.apple-cloudkit.fe2.apple-dns.net udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 api-glb-aeuw3b.smoot.apple.com udp
FR 15.237.18.235:443 api-glb-aeuw3b.smoot.apple.com tcp
US 8.8.8.8:53 clients1.google.com udp
US 8.8.8.8:53 clients1.google.com udp
US 8.8.8.8:53 clients1.google.com udp
GB 172.217.16.238:443 clients1.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
GB 142.250.178.10:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
GB 172.217.16.238:443 clients1.google.com tcp
US 8.8.8.8:53 www.yelp.com udp
US 151.101.0.116:443 www.yelp.com tcp
US 8.8.8.8:53 id.google.com udp
AE 172.217.17.35:443 id.google.com tcp
US 8.8.8.8:53 e6858.dscx.akamaiedge.net udp
US 8.8.8.8:53 e6858.dscx.akamaiedge.net udp
BE 23.55.96.225:443 e6858.dscx.akamaiedge.net tcp
US 8.8.8.8:53 b._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 db._dns-sd._udp.0.0.127.10.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 b._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 db._dns-sd._udp.0.0.127.10.in-addr.arpa udp

4. 6. Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db
MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db
MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Safari/Favicon Cache/favicons/2529545429CE075A4E64DE7DAA3D4C27
MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression
MD5 2f0b03a5d57f5514f66975ce03639675
SHA1 76fb969f7e3b20656c35edde161779b8785cb904
SHA256 8520ee356cf79330c2f1375ebc02f8e84ec7791adf22d676b0a3a0e8b0cf72e9
SHA512 dd6f291c5af83145a7e8508d7cd2e8cfceea4fe1d2a39f4e61b084e9d837b81d85fccd0d6a8a9f0945527abc90ddafc173bdbdb982397268fedcf2977f6918a1

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression
MD5 b1d8a1176643b9d33139569864100cb2
SHA1 41d74fadda60fb1d9e212bd5a22dc069d4f5f9f6
SHA256 6be59d5ae4b1f4ac3374d7580249d1fabff648dff24be11aad0dfe75baa3a415
SHA512 a2adafd67c30fe567fbaf776e68521805ab3457b3cc86480a586db48da9c164b81348d8734e2472ba924dd728ec977b3944c6cc9a24d41f02b454fb7601658ce
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression
MD5 c94df4af701ec8c6108fb1e371acb33d
SHA1 a4f2c2e36e5f866f9c44a5c649fa140a00b3861a
SHA256 cd2e5488f65f58b1e75cf1366890ea3ef568f17899d43971b9dfac0e4ae3c621
SHA512 eb6519b88dc4fc58830a49507c9c20bf184f70ec351ab5ecb4a0d3291c43c7aa4d2ed6d1abfa12c9efebb345dfdb080423cf72250224dd76dfdae36112659e2b

/Users/run/Library/Saved Application State/com.apple.systempreferences.savedState/data.data


MD5 60a50f6cc3c9a46f5e34f1f0ad13b279
SHA1 cee73803ab1a4c3b81b9400ea5b2228b50d1b762
SHA256 039a4144c04b2f46720a216843d6cf13048ceb9d720df0e55c50a7538ac618c4
SHA512 c65fbab3fb5d6dd94137c520ea22529bb19f07e7677b058c5f5adc3ff4be30940a9fb768425a309ab951a6b3b3382ca30fdc834a5a53a4cb270cb244dd9065cc

/private/var/db/spindump/tailspin-trace.2024-04-15_16-18-44.tailspin
MD5 30e00838bb98432af68a6469b6ff3687
SHA1 950f892b40e42bb6b79103071c335f88c9ebb4aa
SHA256 f9ad6a11523c250341ef5a2ad7e3791e1448d98178050b03eac2edd107228384
SHA512 58f6d40cc6cc0277c5b4aa69f8fa88f713ed56fdcfa3572da3fafc3edb03b8616bf52ebe03872cee37310ac79d13ebe0b32ca45298e76df07c16721619898563

/private/var/db/spindump/tailspin-trace.2024-04-15_16-18-44.tailspin
MD5 186f59534b8abec6b1e57ffccb02462e
SHA1 fb671db3768866b6f7fb41a5d76f98ad7f57069e
SHA256 35fed0536bd0ac8f3d8fd605a18160ea16a32f3e095da2c5b38d922409b29cfe
SHA512 6f3bad75eab5d5dacc3b6d4a1488b39aaf79330e221d79bc87f0836321526affe22ccf5b6617bedff9ea4912a59df202e0b588abe3371267d5cdbf2e2558c37e

You might also like