SiliconBox Core Released

SiliconBox
2 min read · Oct 8, 2024


Hello all, happy to announce that we have decided to share SiliconBox Core with the community. It is available as a free download from our website: https://thesiliconbox.com/community-edition/.

To install the tool, download the zipped pkg, then right-click it and choose Open. Yes, I know, that sounds like social engineering, but we have not gone through the Apple notarization process yet, so the extra step is needed to get past Gatekeeper. The binary is properly signed with our developer certificate though (feel free to verify it with the codesign utility).

During the installation process you need to agree to the user and usage agreement, after which:

  • SiliconBox Core command line utility will get installed to /usr/local/bin/siliconbox
  • You’ll get a prompt to add the provisioning profile so that the binary can use the entitlements it needs

The binary is placed in your PATH, so running it from Terminal (which needs Full Disk Access) is as straightforward as running the command siliconbox, which prints the usage guide:

siliconbox
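Since the pkg is signed but not notarized, it is worth checking the signature on the installed binary yourself before running it with Full Disk Access. The script below is an added example, not part of SiliconBox or Maecer's tooling; it assumes the binary path from the post and uses a placeholder Team ID, which you would replace with the vendor's real one taken from their website or a known-good copy.

```shell
#!/bin/sh
# Added example (not from SiliconBox/Maecer). Verifies the code signature of the
# installed binary and pins the signer's Team ID before trusting the tool.
BINARY="${BINARY:-/usr/local/bin/siliconbox}"
# Placeholder: the vendor's Apple Developer Team ID is not given in the post.
EXPECTED_TEAM_ID="${EXPECTED_TEAM_ID:-REPLACE_WITH_VENDOR_TEAM_ID}"

# Read `codesign -dvv` output on stdin and print the TeamIdentifier line value.
team_id_from_codesign() {
  sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# $1 = codesign output, $2 = expected Team ID. Returns 0 only on an exact match;
# a missing TeamIdentifier (ad-hoc or unsigned binary) also fails.
team_id_matches() {
  _tid=$(printf '%s\n' "$1" | team_id_from_codesign)
  [ -n "$_tid" ] && [ "$_tid" = "$2" ]
}

# Full check against a real file (macOS only): signature integrity, signer
# identity, and the entitlements the binary carries.
verify_binary() {
  codesign --verify --deep --strict "$1" || { echo "signature invalid"; return 1; }
  _out=$(codesign -dvv "$1" 2>&1)          # details are printed on stderr
  team_id_matches "$_out" "$EXPECTED_TEAM_ID" || {
    echo "unexpected Team ID:"; printf '%s\n' "$_out" | grep '^TeamIdentifier='
    return 1
  }
  printf '%s\n' "$_out" | grep -E '^(Authority|TeamIdentifier)='
  # Review requested entitlements before granting the binary broad access.
  codesign -d --entitlements - "$1"
}

# Usage: BINARY=/usr/local/bin/siliconbox EXPECTED_TEAM_ID=XXXXXXXXXX sh check.sh
if [ "${1:-}" = "run" ]; then verify_binary "$BINARY"; fi
```

Gatekeeper's own assessment (spctl --assess --type execute) will still report the binary as rejected until the vendor notarizes it; that is expected and is exactly why the manual Team ID pin above is useful.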

Example of running a fake Notion app which is actually the Atomic macOS Stealer (AMOS, an infostealer):

Fake Notion (AMOS) password prompt

SiliconBox Core is run in the image with a 20 second timeout, full runmode, automatic execution enabled (no need to open sample manually), and with debug output enabled.

Note that the timeout does not reflect the total running time of siliconbox: it is the log collection time, and the tool itself might run longer depending on the amount of data produced. This is due to how ESF events are collected and some noise that we are cleaning up as we go along. The maximum clean-up time for log aggregation is twice the timeout.

Use your favorite tool to look into the logs or get in contact to learn more about our SiliconBox Intelligence solution that makes understanding the logs produced easier (example image below the title of the article).

Oh, and please do give us feedback on your usage experience by commenting or writing to us at info@maecer.ee.


SiliconBox

SiliconBox is the name of our malware analysis sandbox for the latest Apple hardware. We are Maecer (https://maecer.ee/) and we are looking into macOS threats.