General

  • Target

    TrollFools14_2.5-2.tipa

  • Size

    5.3MB

  • MD5

    4a80329ca5d17a9cdb81e96e672624d2

  • SHA1

    5bc2062d8815ed61e8e37f8330ac3b17b9e0b8c1

  • SHA256

    54f710b2dadab6bab00f29eda586e37743dbebe28b2f5fdd623f87db8e1dab62

  • SHA512

    fb1a9ed10c2f1f03cd00cfd3c06a75c56177d31c37d1fd404b1031ac7a9b24daae16c4f3155d05b1b3ed3d69c7342928f3e32a09f1ad4ddc1f7ccf153cfccbca

  • SSDEEP

    98304:R6BBQvlLUolct2K1UFR+Y7PgAgteifZI4E/klZCmNoppgjrS4WvuYael+HFFBKx+:Rkmv9NlctX1Un+Y7IlXZI4EcZupgjrSU

Score
3/10

Malware Config

Signatures

  • Embeds OpenSSL (1 IoC)

    Embeds OpenSSL, may be used to circumvent TLS interception.

Files

  • TrollFools14_2.5-2.tipa
    .zip
  • Payload/TrollFools.app/[email protected]
    .png
  • Payload/TrollFools.app/AppIcon76x76@2x~ipad.png
    .png
  • Payload/TrollFools.app/Assets.car
  • Payload/TrollFools.app/CocoaLumberjack_CocoaLumberjack.bundle/Info.plist
  • Payload/TrollFools.app/CocoaLumberjack_CocoaLumberjack.bundle/PrivacyInfo.xcprivacy
    .xml
  • Payload/TrollFools.app/CydiaSubstrate.framework.zip
    .zip
  • CydiaSubstrate.framework/CydiaSubstrate
    .dylib macos arch:arm64
  • CydiaSubstrate.framework/Info.plist
  • Payload/TrollFools.app/Info.plist
  • Payload/TrollFools.app/PkgInfo
  • Payload/TrollFools.app/TrollFools
    .macho macos arch:arm64
  • Payload/TrollFools.app/ZIPFoundation_ZIPFoundation.bundle/Info.plist
  • Payload/TrollFools.app/ZIPFoundation_ZIPFoundation.bundle/PrivacyInfo.xcprivacy
    .xml
  • Payload/TrollFools.app/_CodeSignature/CodeResources
    .xml
  • Payload/TrollFools.app/chown
    .macho macos arch:arm64
  • Payload/TrollFools.app/cp
    .macho macos arch:arm64
  • Payload/TrollFools.app/cp-15
    .macho macos arch:arm64
  • Payload/TrollFools.app/ct_bypass
    .macho macos arch:arm64
  • Payload/TrollFools.app/en.lproj/Localizable.strings
  • Payload/TrollFools.app/insert_dylib
    .macho macos arch:arm64
  • Payload/TrollFools.app/install_name_tool
    .macho macos arch:arm64
  • Payload/TrollFools.app/ldid
    .macho macos arch:arm64
  • Payload/TrollFools.app/ldid-14
    .macho macos arch:arm64
  • Payload/TrollFools.app/libcrypto.3.dylib
    .dylib macos arch:arm64
  • Payload/TrollFools.app/libintl.8.dylib
    .dylib macos arch:arm64
  • Payload/TrollFools.app/libiosexec.1.dylib
    .dylib macos arch:arm64
  • Payload/TrollFools.app/libplist-2.0.3.dylib
    .dylib macos arch:arm64
  • Payload/TrollFools.app/libxar.1.dylib
    .dylib macos arch:arm64
  • Payload/TrollFools.app/mkdir
    .macho macos arch:arm64
  • Payload/TrollFools.app/mv
    .macho macos arch:arm64
  • Payload/TrollFools.app/mv-15
    .macho macos arch:arm64
  • Payload/TrollFools.app/optool
    .macho macos arch:arm64
  • Payload/TrollFools.app/rm
    .macho macos arch:arm64
  • Payload/TrollFools.app/zh-Hans.lproj/Localizable.strings