488e77d98f25ced9fb17a11a29ddb97e8e2b7af76eaf4c045c78b314390528df | Triage

Submit
Reports

Overview

overview

8

Static

static

1

VanishRaider

macos-10.15-amd64

8

Sharing

General

Target

VanishRaider
Size

303KB
Sample

240703-12razsybkl
MD5

f7d7db4761fd35be02a830a95171d620
SHA1

7a8ff7ce77c5403fae478f4cce478ae76326224f
SHA256

488e77d98f25ced9fb17a11a29ddb97e8e2b7af76eaf4c045c78b314390528df
SHA512

27974036f807465ea808fdf316aa4e3eeda6bf8e23c74ccdb27c5a1c8ec802c511d13c67a1ed8ce387109d4f677b8227562388740cc866706b227793deccb2f8
SSDEEP

6144:k+o0r2n9dH5M2vkm0y3Cl3pId9Rj9dvZJT3CqbMrhryfQNRPaCieMjAkvCJv1ViZ:po0r2n9dH5M2vkm0y3Cl3pId9Rj9dvZl

Score

8^/10

discovery evasion macos

Static task

static1

Behavioral task

behavioral1

Sample

VanishRaider

Resource

macos-20240611-en

discovery evasion

macos-10.15-amd64

5 signatures

1800 seconds

Malware Config

Targets

- Target
  
  VanishRaider
- Size
  
  303KB
- MD5
  
  f7d7db4761fd35be02a830a95171d620
- SHA1
  
  7a8ff7ce77c5403fae478f4cce478ae76326224f
- SHA256
  
  488e77d98f25ced9fb17a11a29ddb97e8e2b7af76eaf4c045c78b314390528df
- SHA512
  
  27974036f807465ea808fdf316aa4e3eeda6bf8e23c74ccdb27c5a1c8ec802c511d13c67a1ed8ce387109d4f677b8227562388740cc866706b227793deccb2f8
- SSDEEP
  
  6144:k+o0r2n9dH5M2vkm0y3Cl3pId9Rj9dvZJT3CqbMrhryfQNRPaCieMjAkvCJv1ViZ:po0r2n9dH5M2vkm0y3Cl3pId9Rj9dvZl
Score

8^/10

discovery evasion
- Path Permission
  Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.
  evasion
- Gatekeeper Bypass
  Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as layer of Apples security model to ensure only trusted applications are executed on a host.
  evasion
- File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.
  evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Subvert Trust Controls

Gatekeeper Bypass

Indicator Removal

File Deletion

Hide Artifacts

Resource Forking

Credential Access

Discovery

File and Directory Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasion

© 2018-2024

Terms | Privacy