macOS Analysis Report
Pipidae.app

Overview

General Information

Sample Name: Pipidae.app
Analysis ID: 1294523
MD5: 8881338c77f4285d197fb52229575d64
SHA1: 23eea6ab534cf7aa5e9356660cfa974c3e610bbd
SHA256: 7a1f844ec0aa595b09d4044e99690cf3d3095a3faae5656a7f5b78cc593563f5

Detection

Score: 56
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Denies being traced/debugged (via ptrace PT_DENY_ATTACH)
Process executable has a file extension which is uncommon (probably to disguise the executable)
Contains symbols with suspicious names likely related to encryption
Contains symbols with suspicious names likely related to networking
Uses CFNetwork bundle containing interfaces for network communication (HTTP, sockets, and Bonjour)
Reads the systems OS release and/or type

Classification

Joe Sandbox Version: 38.0.0 Beryl
Analysis ID: 1294523
Start date and time: 2023-08-21 15:42:38 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 21s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultmacfilecookbook.jbs
Analysis system description: Virtual Machine, High Sierra (Office 2016 16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099)
macOS major version: 10.13
CPU architecture: x86_64
Analysis Mode: default
Sample file name: Pipidae.app
Detection: MAL
Classification: mal56.evad.macAPP@0/0@1/0
Command: /Users/berri/Desktop/Pipidae.app
PID: 895
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:

Standard Error:
  • System is macvm-highsierra
  • Pipidae.app (MD5: 8881338c77f4285d197fb52229575d64) Arguments: /Users/berri/Desktop/Pipidae.app
  • cleanup
No yara matches
No Snort rule has matched


AV Detection

Source: Pipidae.app; ReversingLabs: Detection: 13%
Source: Pipidae.app; Virustotal: Detection: 38%