General

Target: FileCoder.zip
Size: 157KB
Sample: 250327-mn29faz1b1
MD5: fd66d3226dcd2ef199def516b3b0b4b6
SHA1: 22e8ec0468fa34e0781b13c205b4bca5cfb92917
SHA256: 9c3f4ee8eba7b34bb92c3a7a8f2cf50382363eb645e86b5b9eda5e576ea5d951
SHA512: 739eb8297f21bd6249596f4f6c5fdbc515da79ea5dc7865d549e0e7a7165d3d92a70046439d756c66459fc25b0ca0b5971b131102fce6254fea820a0b1c776e6
SSDEEP: 3072:fVMER/uBDXzwozHMS0a+2ncQX5R2yAekiz/DsG/wZ:fVJRGBwobR0xATR2yAekUKZ
Static task: static1
Behavioral task: behavioral1
Sample: FileCoder/FileCoder
Resource: macos-20241101-en
Malware Config
Extracted
/Users/run/Downloads/README!.txt
1EZrvz1kL7SqfemkH3P1VMtomYZbfhznkb
https://en.bitcoin.it/wiki/Buying_Bitcoins_(the_newbie_version
https://www.whatismyip.com
Targets

Target: FileCoder/FileCoder
Size: 355KB
MD5: a4de8f25c75060b1a8cee817ec8e4e4a
SHA1: 52b7efa7deeb2010665a7fc433a5ac33c4815875
SHA256: c9c7c7f1afa1d0760f63d895b8c9d5ab49821b2e4fe596b0c5ae94c308009e89
SHA512: 5e29dbe0bb73400e45857c074429ca3a875065ad4938e222ff56052ed0cdec142aff15aba639a3713a393ce7baac26a6e648c21c87b9407ea6a8b9719316b501
SSDEEP: 3072:tOttBofYRoEl5pXxMx5GaMmvdBJYbTqSsQdMky1vvizjMSmu8y2y+Eg74YYQ/uyH:efpBMxsaAT3Ak+azvgEqYQ5XPbFAXsr
Macfilecoder family

Login Hook
Adversaries may use a Login Hook to establish persistence executed upon user logon. A login hook is a plist file that points to a specific script to execute with root privileges upon user logon.

Queries the hardware information (I/O Kit registry).
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.