Extracted

• • Target

    FileCoder/FileCoder

  • Size

    355KB

  • MD5

    a4de8f25c75060b1a8cee817ec8e4e4a

  • SHA1

    52b7efa7deeb2010665a7fc433a5ac33c4815875

  • SHA256

    c9c7c7f1afa1d0760f63d895b8c9d5ab49821b2e4fe596b0c5ae94c308009e89

  • SHA512

    5e29dbe0bb73400e45857c074429ca3a875065ad4938e222ff56052ed0cdec142aff15aba639a3713a393ce7baac26a6e648c21c87b9407ea6a8b9719316b501

  • SSDEEP

    3072:tOttBofYRoEl5pXxMx5GaMmvdBJYbTqSsQdMky1vvizjMSmu8y2y+Eg74YYQ/uyH:efpBMxsaAT3Ak+azvgEqYQ5XPbFAXsr

  Score

  10^/10

  macfilecoderdefense_evasiondiscoverypersistenceprivilege_escalationransomware

  • MacOSFilecoder

    MacOSFilecoder family.

    ransomwaremacfilecoder

  • Macfilecoder family

    macfilecoder

  • Login Hook

    Adversaries may use a Login Hook to establish persistence executed upon user logon. A login hook is a plist file that points to a specific script to execute with root privileges upon user logon.

    persistenceprivilege_escalation

  • Queries the hardware information (I/O Kit registry).

    An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

    discovery
  behavioral1