General
-
Target
downloader_mac.dmg
-
Size
18.0MB
-
Sample
240210-msezpsdb24
-
MD5
51815c198cbd61e8268ceac415066277
-
SHA1
2e5ccf51d01fd1927b95d909f497e27d4d09de2c
-
SHA256
6a9eb2df291e6197e7b1fc57f7181ee22816abde7209566b4be6d4d78074e1dd
-
SHA512
2774a996204eaa63dd80a226b7aa02d4569f624ab681abfb847e412aed060b4b2104c10b78e8c857ee844d7cbbc7c8b5f0332ed6ccde59273edf651eebbfe483
-
SSDEEP
393216:YcTXyLgG9jfWZL3UJfopLIKzcGdJYnQ7xIXQMPgg1/UlyLgGtUgN6f:6Y3wfophzREPl1/UvgN6
Malware Config
Targets
-
-
Target
downloader_mac.dmg
-
Size
18.0MB
-
MD5
51815c198cbd61e8268ceac415066277
-
SHA1
2e5ccf51d01fd1927b95d909f497e27d4d09de2c
-
SHA256
6a9eb2df291e6197e7b1fc57f7181ee22816abde7209566b4be6d4d78074e1dd
-
SHA512
2774a996204eaa63dd80a226b7aa02d4569f624ab681abfb847e412aed060b4b2104c10b78e8c857ee844d7cbbc7c8b5f0332ed6ccde59273edf651eebbfe483
-
SSDEEP
393216:YcTXyLgG9jfWZL3UJfopLIKzcGdJYnQ7xIXQMPgg1/UlyLgGtUgN6f:6Y3wfophzREPl1/UvgN6
Score8/10-
Contacts a large (814) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
-
-
Target
Folx/Folx.app/Contents/Library/LoginItems/FolxScheduleHelper.app/Contents/MacOS/FolxScheduleHelper
-
Size
73KB
-
MD5
b206c5b91c48ce017da4dd79430dac36
-
SHA1
37bb04bdfa01374d40accf75991178c903e85a9f
-
SHA256
76550d35d2c088dc7736c6fd6b636b58a1e9c686404a7053dab898aa0baf20c9
-
SHA512
2fa60f0144733be962cde13bc5eb294d6a742119991d6e2bf6536d496b621fce0cabf14c3622b41bf0d599e8e695bfb4a2cb79f8d0d196fbfad046dc3e3747d4
-
SSDEEP
384:OuTchuJVQgXBiEX2So/kRunC48QddZ4tTUxLGlUJKnLi+52ow9fYr+Q8ar5JEWr5:OzhuJTBo/Hzx6ZrnCZf68eJEzab8
Score1/10 -
-
-
Target
Folx/Folx.app/Contents/MacOS/Folx
-
Size
7.3MB
-
MD5
4c7c80560c49685b21debbe2423489b2
-
SHA1
e8501161fce95f27d053a44292105882b7bcd2e3
-
SHA256
ec01e1d780839170e491769f70dcd37e8684257148e5811cf52bcb39d0fd4389
-
SHA512
272b1059d6fd2ce7053dbf0986fa92f299368a35d725db2e7e436f3934d97957e8fca70310ed492563c25ffebc399e8b067a3178f7e13201fbbef40837fb6a3d
-
SSDEEP
98304:y8kkI/9D/giTsufaPblm5xg6DKQx1eDeynrQTqsGa+QiMgKMaGbGbQyFOXXAFj:y8kkI/FgiTsukkKu1UeRqsGaobG9
Score1/10 -
-
-
Target
Folx/Folx.app/Contents/PlugIns/FolxSafariExtension.appex/Contents/MacOS/FolxSafariExtension
-
Size
78KB
-
MD5
f217f46ad5b225ded3bde400c81b28e6
-
SHA1
8a50a81b480391a406c3893db076f2da96c7191a
-
SHA256
f7cf5b7d2a12fa5a526a6d26c7904478c34a8a0b38560d86e2511790df909745
-
SHA512
a843691388482019481b9aef578819f6de5c621072517dc1f23044929dbf9f3041fc8e31f8c51c4d838c960fd44d63228d337c22f6d042edb0f884b23a2327a2
-
SSDEEP
768:N952LFTSkQqRu8iEM8M1xIU4aAtd48eJEr6ab8:J2LsuwV4aAtmXJEWK
Score1/10 -
-
-
Target
Folx/Folx.app/Contents/Resources/FolxAgent.app/Contents/MacOS/FolxAgent
-
Size
110KB
-
MD5
dc1eccfccc186ba809eee3c5098e20a8
-
SHA1
fd61f13bbfd2ea974a3e3025a4081d493ee018fb
-
SHA256
45eabe2c5ff70adbde4966a89033dca0f11072195fbff6aba26287a843373109
-
SHA512
dc3cc7ae231fdf451fa3539b3da13035b33456af3377f9b95f1fdd013a9b42961b6f4994d33f1415ae8054f96ad3a9acd87d773f52fde03755711ede4052518a
-
SSDEEP
1536:gnpbQlQJjNBzccOVjmLsvj1J5Q2fYk32GIIVV0JeyrtNSXJEbPK:ejNacAZvQIYk32GIIVVXsNK0P
Score4/10 -
-
-
Target
Folx/Folx.app/Contents/Resources/FolxAgent.app/Contents/Resources/folx-chrome-host
-
Size
74KB
-
MD5
6dd0b88334b5374f008548bbecdd5cd1
-
SHA1
aa4d4a22cf9083c01f2771f55c506462c0737802
-
SHA256
c65da5a7069f9046a7f5e890c6b61badd55974814b7de16c9b452f71805b00f0
-
SHA512
cad08b146e72e548cd580abb74f08404a92b1b4e6651eabbe1a35fcd3634605aeb63897cfce50d0d202b040fac4708df8818d94df844da7f4c5942fb52dc5c2b
-
SSDEEP
384:iO91pAfjoDzzlgh7eNdCucZGfRCpqIyzDSEttKxaB32O7i5ZHr+Q8ar5JEWrny1D:i0AborlEcRCtgO4tKcqh8eJEbgab8
Score4/10 -