macfilecoder | f8dd1edd285ba0ee23250d7925dd7c230aaf3845ceedb6bcfe2913815c8775db

Target

filecoder.dmg
Size

2.5MB
Sample

231229-tz8zpahfa3
MD5

5557a06822358ea7814891631f7df8ce
SHA1

f6e215ed5a1623de05c6f63033aa4f6d1a5696d6
SHA256

f8dd1edd285ba0ee23250d7925dd7c230aaf3845ceedb6bcfe2913815c8775db
SHA512

a592d44e8942dd223792baf0180bb4d06d0d9e0e2740a64c86c89435cefc3a704acc86ab0caee207eb549f7e8eaee777b66178bd4ac7f7c331d981b7e40a0d5b
SSDEEP

49152:WnLGfgOiTIFfXfXWTlOsXY/RlwpoAbA+HzTjahhyBZWFGWMaIeNW:WL18xvX+lOsXCwp5LW0BUFGWnIeNW

Score

10^/10

Malware Config

Extracted

Path

/Users/run/Documents/README!.txt

Ransom Note

NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption method. What do I do ? So , there are two ways you can choose: wait for a miracle or start obtaining BITCOIN NOW! , and restore YOUR DATA the easy way If You have really valuable DATA, you better NOT WASTE YOUR TIME, because there is NO other way to get your files, except make a PAYMENT FOLLOW THESE STEPS: 1) learn how to buy bitcoin https://en.bitcoin.it/wiki/Buying_Bitcoins_(the_newbie_version) 2)send 0.25 BTC to 1EZrvz1kL7SqfemkH3P1VMtomYZbfhznkb 3)send your btc address and your ip (you can get your ip here https://www.whatismyip.com) via mail to rihofoj@mailinator.com 4)leave your computer on and connected to the internet for the next 24 hours after payment, your files will be unlocked. (If you can not wait 24 hours make a payment of 0.45 BTC your files will be unlocked in max 10 minutes) KEEP IN MIND THAT YOUR DECRYPTION KEY WILL NOT BE STORED ON MY SERVER FOR MORE THAN 1 WEEK SINCE YOUR FILE GET CRYPTED,THEN THERE WON'T BE ANY METHOD TO RECOVER YOUR FILES, DON'T WASTE YOUR TIME!

Emails

rihofoj@mailinator.com

Wallets

1EZrvz1kL7SqfemkH3P1VMtomYZbfhznkb

URLs

https://en.bitcoin.it/wiki/Buying_Bitcoins_(the_newbie_version

https://www.whatismyip.com

Targets

- Target
  
  filecoder.dmg
- Size
  
  2.5MB
- MD5
  
  5557a06822358ea7814891631f7df8ce
- SHA1
  
  f6e215ed5a1623de05c6f63033aa4f6d1a5696d6
- SHA256
  
  f8dd1edd285ba0ee23250d7925dd7c230aaf3845ceedb6bcfe2913815c8775db
- SHA512
  
  a592d44e8942dd223792baf0180bb4d06d0d9e0e2740a64c86c89435cefc3a704acc86ab0caee207eb549f7e8eaee777b66178bd4ac7f7c331d981b7e40a0d5b
- SSDEEP
  
  49152:WnLGfgOiTIFfXfXWTlOsXY/RlwpoAbA+HzTjahhyBZWFGWMaIeNW:WL18xvX+lOsXCwp5LW0BUFGWnIeNW
Score

10^/10

macfilecoder ransomware
- MacOSFilecoder
  MacOSFilecoder family.
  ransomware macfilecoder
behavioral1
- Target
  
  filecoder/filecoder.app/Contents/Frameworks/libswiftAppKit.dylib
- Size
  
  103KB
- MD5
  
  670543a5f489a2c75ba06d6c29490718
- SHA1
  
  8fefca1f34031b4401024542fbccfb685b8a9e89
- SHA256
  
  aa78b2a8e968902309b2064079f8fbe55cca6d2beef7a3dcdbf715b6be86e49b
- SHA512
  
  c711cf5406e6fca5c705bf37703d04af6534856487bfb3b97092c8a24f2fd599dc931a07fef3f4ec1e83e04c7089ae0fed71a03c85a09e11c82539f7c65c6fce
- SSDEEP
  
  1536:+rP9ztnjFE7p4e2N/2/t3GTXo5vALOzh2/9:+rPdtnjFEN4ef/sTgu/9
Score

1^/10
behavioral2
- Target
  
  filecoder/filecoder.app/Contents/Frameworks/libswiftCore.dylib
- Size
  
  5.1MB
- MD5
  
  53de2f2d0c39bd2982ae514471271ceb
- SHA1
  
  2d6e409d8ac5c9d38a921eacf1621daa0d0fadca
- SHA256
  
  c74cd121724b3bf1baa16d03e05f2891a8510a6aafeaca7078c6160012d4c7ce
- SHA512
  
  c561f00f6c93c35203d62f284a3ad99354231775dc7b13e3e6fc30d4cb73cb2c2c950235c168775ec7a8c0194d3fbadf10b88302608d6a3cb9b89575ad6f5800
- SSDEEP
  
  98304:DY0j1jRlwAfHvMZUogVk4xPhf3kESUWn1B:00jxRpfPt0
Score

1^/10
behavioral3
- Target
  
  filecoder/filecoder.app/Contents/Frameworks/libswiftCoreData.dylib
- Size
  
  100KB
- MD5
  
  413d381ce461b9378dd3f85c4da16e4f
- SHA1
  
  1cae3e3060ce8ca97f02008d2f9ead3e8d686835
- SHA256
  
  f5f852b747fe14e6c70446600b623c826a0067f3e533c7768e3b9f6b0630531a
- SHA512
  
  060388d2e458ed491f44293e56cb16c0f56672364ffabc843927a79d097ec5de08fd1ef260cb0f36b3629d4a3cc7bca7eda73cdfdf74f3f80fb416b1433bcc74
- SSDEEP
  
  768:a/re/GnHHWr/uqIasquCuBIfqgr0Kin0a3DgfEwCYIftw4TdFI7oN/DyksE2:IelFsJIiC0Ki0a3EZcooFyko
Score

1^/10
behavioral4
- Target
  
  filecoder/filecoder.app/Contents/Frameworks/libswiftCoreGraphics.dylib
- Size
  
  152KB
- MD5
  
  85a43fbee488a72bc156b1149ec0ba10
- SHA1
  
  5b1573a0ba472f8bc420fa301d2666fc5de46d02
- SHA256
  
  7526c00e90c0183e142f0e22a601a1d56e18ba8d78798d942731da2c5c775feb
- SHA512
  
  ec8c787f0e610c0f563f9bd1fc2028cbf9f73579e0a0d8eb8757b03fdc7c1f25fe83eb81bb67affd2536b313a21cfd7624a800cf23af66d57b15455a966f5035
- SSDEEP
  
  1536:AQF7X7mtwBvdnzP0y246BA+XZY5131DIVnKtlrrvX47:ZF7RBD1aAuxVnKtlXvX4
Score

1^/10
behavioral5
- Target
  
  filecoder/filecoder.app/Contents/Frameworks/libswiftCoreImage.dylib
- Size
  
  34KB
- MD5
  
  746c13ad14b96dce0ed878aadbf69396
- SHA1
  
  f6387859e313d48b224a15200add163065785541
- SHA256
  
  b558cff34f77795bdcf961f27a49d505c2614d0e1f2ced9dd81268cfa8b94497
- SHA512
  
  c91c88eaccd52b309c470244b08c29fbde73db68656c18276c9fc8d90c4eab799727c7113c8aa2fe7d2ea7cd2f1c91ff85aacc56a74b4a12628cbba1b2aa0d66
- SSDEEP
  
  48:xLwg7tRbIH6EWXLEdwhEiErNPEREo1EmE6Em7VJfySrQZ8d77Bxng82nWj4a740o:xLr9MNWVjySsZ8VtZgDn6XFSU1g7
Score

1^/10
behavioral6
- Target
  
  filecoder/filecoder.app/Contents/Frameworks/libswiftDarwin.dylib
- Size
  
  65KB
- MD5
  
  ab0363c58f19694f9cc7663cc0340671
- SHA1
  
  45771af7f1bdc7d311c098594f2f2dc8f5e19f02
- SHA256
  
  34eb1e1bd570320109b83c59b1007ba32783f7a687cb3e83e6a08bf79f7d32fe
- SHA512
  
  25317b1c730fa0499cd2ce1652688153bc24eb1778843083cb3b64910a636bcf5aa2e41b58711f9c7a713c9cfb01fb70dbe7fce8459efe3b7b2f562607ddcff4
- SSDEEP
  
  768:6Tb2s6Y4CXDd2wGf7olgQT4VrRP5tX9Z:AXDEfDugQT4VrRP5tX9
Score

1^/10
behavioral7
- Target
  
  filecoder/filecoder.app/Contents/Frameworks/libswiftDispatch.dylib
- Size
  
  339KB
- MD5
  
  afaf69f773c0bf01ff139148a258dec5
- SHA1
  
  7cb397e08808c185fab6492677ae610f6699496e
- SHA256
  
  398d271a85b93050c9e4ced5130404130fefee8c9088828460a7459f4aae3936
- SHA512
  
  0bf7d069a48c0ebe9a65b9d20277d9cfa27a0e7eb97d4dbfa650ae6f1e542736603f02bb1ee129b46224558bd3566cee1dc2307c5123cd8df1fd1bc793814b6c
- SSDEEP
  
  3072:L1R1ZDDsFXmC739yG99zbVutP2ddyliC3Bh:fjDSXzNy49z5u9idyliC
Score

1^/10
behavioral8
- Target
  
  filecoder/filecoder.app/Contents/Frameworks/libswiftFoundation.dylib
- Size
  
  1.9MB
- MD5
  
  7747941bd63ad916ef90caf0501d1715
- SHA1
  
  1cdc9e34a5c0cc0797e68df6afa07af4f3fbc9a9
- SHA256
  
  fde286480b766182566d760b1f7776a0c742c4787be2def239bf0c0cf2ab9798
- SHA512
  
  64c5bd4358ca83d32ef9b829fc8a2e50ff40da08c4bbc47d6d27adf38859b3ebaf095f43213a06333b6d3154a2c3222014d4fda28aff62e9bc3367e400a828a2
- SSDEEP
  
  49152:uw76oxChZ2znRCHMzwqupX4Fefmwge8mfWizKof0uH2c40H:F6oxChZ2znRCHMMqPFei0RX40
Score

1^/10
behavioral9
- Target
  
  filecoder/filecoder.app/Contents/Frameworks/libswiftIOKit.dylib
- Size
  
  34KB
- MD5
  
  a4c557bed4ed5004c87659f097d4ecdf
- SHA1
  
  6dfb22efc0872b006e73462a95abb30e5ebd3f13
- SHA256
  
  dfd7d9f26e409201f62a02b20b2e21197cbd581ecf214708f507f1bdd2c63362
- SHA512
  
  2bfc9a4acf9f00f9fab68be360993c0d22f4c7d640a84253fb5642fc46bdb41a17648b7b9b7936efbc753141b5849ded11d640b411e03400e820f1d7bbf2ef84
- SSDEEP
  
  96:x+DkfTo38CtoySQZUVyiAtCoEvLkzpxqhoee2bfN:s2+VZijoEjkrqhoeeMN
Score

1^/10
behavioral10
- Target
  
  filecoder/filecoder.app/Contents/Frameworks/libswiftObjectiveC.dylib
- Size
  
  56KB
- MD5
  
  508ed5eca03b37e552c898322d985c2a
- SHA1
  
  c56777c5fe41a3720da0afa5b1a893e4172f5783
- SHA256
  
  e2473a17a91c88370505ca1f4053e235ae869055a2adf9215bba9864c947bd9c
- SHA512
  
  361334c493b5a2e195943e0b734a605171746cb5f2ef5649b49ba3b95c38d041993fe7c73cb41b93269fe08496a1a9732ba5d7a220cf5471771118dbfe839daf
- SSDEEP
  
  384:E1+7Gykaswxwqr2IoVKxm2PNcYCybPrG0KVjLc0uNUlB2uAHf:E1+iykyanKxm2PCQaTgdaeuAHf
Score

1^/10
behavioral11
- Target
  
  filecoder/filecoder.app/Contents/Frameworks/libswiftQuartzCore.dylib
- Size
  
  47KB
- MD5
  
  a91bd9af07ecbb087e28922cca2fda3b
- SHA1
  
  9d9e8c5ef99c3bb82f570a98d201758c7e6bbb20
- SHA256
  
  3e6a3e04c55693a513c19e84fe1f44132141161d7a96b4baf245999a4de36d7d
- SHA512
  
  55391c87e6c8ad22a8d89060c2ea7dc281bf02ba27b08c50eafcaf768f1ae069a3913db8930b9fa8caad19c564a4650bc7a0c3aeac2e3508a9874385e4727039
- SSDEEP
  
  96:xbpCemCmNL3wvTBI11J3yo6yhcseySEZWVMEy8Ntxg2wI7fu+zmOacwdvTCifURR:fCemu496ymupENNGUqvjitES
Score

1^/10
behavioral12
- Target
  
  filecoder/filecoder.app/Contents/Frameworks/libswiftXPC.dylib
- Size
  
  35KB
- MD5
  
  8a65f84bab6615b82d04f687e5799f5f
- SHA1
  
  b273bf81bb5da925f1632b04fa0928d3ab495268
- SHA256
  
  64b4f3a686b69eddcb75cd198af5ca5dac2e08b775d291f9f01a5862fd27a971
- SHA512
  
  5196aff5494b069d5a493dc701bd34769cb9487cdb10114b0b9583c1137dbe6b24c7e988e536439bef6c38ebba6f7911fba814ba0086eea6189d95d6d4d450be
- SSDEEP
  
  96:xtrRD3mwwwwwwwwwwwwwwwwYmySnZlVMv0JntXe8PXqYR8flMi6cEvFvtR1UoQD6:PX9vUJqKUehcEvFlhI4Rk3
Score

1^/10
behavioral13
- Target
  
  filecoder/filecoder.app/Contents/Info.plist
- Size
  
  1KB
- MD5
  
  05ef3a7141f8a3f7ce65a5a6e5f0ba1f
- SHA1
  
  0ea50a94f1fe07f081ffdde77cfbe54a9ea99870
- SHA256
  
  acf175e797f074422af21ce048a9f6b235b40852ebe188d614c6e0bd2ff55d48
- SHA512
  
  f9d87a70f31b97ab2bdbf627cded732dfddd8f626e2d06e8d850d34c1c6a1b166086d24012f3f305db2cf5a8e9e7f773ea6bef504d58f16f560c75b3ccce6022
Score

1^/10
behavioral14
- Target
  
  filecoder/filecoder.app/Contents/MacOS/Office 2016 Patcher
- Size
  
  52KB
- MD5
  
  fc22fbe8dda4258a9f0ceb7e15a04fc2
- SHA1
  
  e55fe159e6e3a8459e9363401fcc864335fee321
- SHA256
  
  91af9a4c0091f8e97641660c66d414fa13ee69473f5692d2aecb1d1101ed34b8
- SHA512
  
  8fd91f54991f210ac6702ae682f969ff2a07ec65e10b637f0ca078cca626c4a43b2861ab154394c16802fc8dfefa03016de675dba98c6c4547b0b6f3b10b70c7
- SSDEEP
  
  768:sXpR5KgVVqOiFTe9KbRXYZvM4owlNEy9EUK190sWN:K5X6FTIKpYZvMClNEy9EUK190sW
Score

1^/10
behavioral15
- Target
  
  filecoder/filecoder.app/Contents/PkgInfo
- Size
  
  8B
- MD5
  
  23b7d7d024abb0f558420e098800bf27
- SHA1
  
  9f9eea0cfe2d65f2c3d6b092e375b40782d08f31
- SHA256
  
  82502191c9484b04d685374f9879a0066069c49b8acae7a04b01d38d07e8eca0
- SHA512
  
  f77d501528dd0ced155c80406cfbee38d5d3649b64d2a9324f3d6cee39491eb8f54cdebae49c6e21a20d2309d8fae1b01c41631224811e73483db25a2695738c
Score

1^/10
behavioral16
- Target
  
  filecoder/filecoder.app/Contents/Resources/AppIcon.icns
- Size
  
  50KB
- MD5
  
  0bb89d5abb23091ca34e8b8677b197e4
- SHA1
  
  90badadb8ee2123b09a3d1329bb1419c190ec5bb
- SHA256
  
  fc8807cda4bca436a1dd92522978cd0fe21f51b7059c9e6452f800ba3ed658be
- SHA512
  
  5760b4c08d1fded26cb973613992508e4ebe8af7a988c306ba041141f3b106804ecdcde280549194f120c6c54f2c31bc0aacd54dc043664ac8dd388f72d2d929
- SSDEEP
  
  1536:l1jH2dr/N3ynEhXAoQ46kQ42/f8Y4DVM2QrA:3jHSr/NCnAXTZW423srQrA
Score

1^/10
behavioral17
- Target
  
  filecoder/filecoder.app/Contents/Resources/Base.lproj/MainMenu.nib
- Size
  
  38KB
- MD5
  
  e663a0035088123c900e27d5f4b949ab
- SHA1
  
  a8e9eb16370710c527b5ab9ce8d35e57a0bbfb1d
- SHA256
  
  930cf4e2aa5a92dd0579fe6b83f161a13985decddd3e946ae366bcbb4b5451fa
- SHA512
  
  68badba15fb4d9913daf5b68f13167f10eda594e293d5b60e8fcec9f060a0845d7639f4c0595391ee0314ac132d046c0bb6b5b34896f7d65099c0ea2975dc2f5
- SSDEEP
  
  768:z3ikgnPZFvCAT6DCPmVvNh0cOLDFIKHY0W+6xjNlqJFI:rikgx5CAehVIvEhlqJFI
Score

1^/10
behavioral18
- Target
  
  filecoder/filecoder.app/Contents/_CodeSignature/CodeResources
- Size
  
  6KB
- MD5
  
  f728d3dd9209c5494cbe5ec707df4f4e
- SHA1
  
  18ae5f67a08fac7c48a08c042b835f6c36dd67f0
- SHA256
  
  3006c694c79dd44373d91f2ce12454966cec9a67344346d6f9334d807fed2d18
- SHA512
  
  051404d9feb185dd3db7f7fcc64ecac424756f0caa4a9ffebd0c37875ecff9f91fc114a0ec54da17b7e5e77b57098a06223365a3446ca6b65d96788f204935a5
- SSDEEP
  
  96:CyTbFo6vSix3h/xW8ja+arrRV9svJnkY/BLDzFNQpO/Y8Jvy:Xjl9at+JTDzk1
Score

1^/10
behavioral19