macOS Analysis Report
Install FxFactory 8.0.15.pkg

Overview

General Information

Sample name: Install FxFactory 8.0.15.pkg
Analysis ID: 1427954
MD5: d0b6dea52fb7260db0ad4eeb0398756a
SHA1: d0b0ba9d4e6c33f1e42f6655e53eab5630cd93e3
SHA256: 12d8180c4b86515d7229c3abc7f1dd0e2a14c11d1fab7a975ca3cd5d81142f51

Detection

Score: 2
Range: 0 - 100
Whitelisted: false

Signatures

Reads hardware related sysctl values
Reads the systems OS release and/or type
Reads the systems hostname
Uses CFNetwork bundle containing interfaces for network communication (HTTP, sockets, and Bonjour)
Uses Security framework containing interfaces for system-level user authentication and authorization

Classification

Source: unknown HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49349 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49351 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49368 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49371 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49380 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49397 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49398 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49399 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49400 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49401 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49402 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49403 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49404 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 17.248.193.18
Source: unknown TCP traffic detected without corresponding DNS query: 17.248.193.16
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown DNS traffic detected: queries for: apis.apple.map.fastly.net
Source: Install FxFactory 8.0.15.pkg String found in binary or memory: http://crl.apple.com/applerootcag3.crl0
Source: Install FxFactory 8.0.15.pkg String found in binary or memory: http://crl.apple.com/root.crl0
Source: Install FxFactory 8.0.15.pkg String found in binary or memory: http://crl.apple.com/timestamp.crl0
Source: Install FxFactory 8.0.15.pkg String found in binary or memory: http://ocsp.apple.com/ocsp03-applerootcag307
Source: Install FxFactory 8.0.15.pkg String found in binary or memory: http://ocsp.apple.com/ocsp03-asica4020
Source: Install FxFactory 8.0.15.pkg String found in binary or memory: http://ocsp.apple.com/ocsp03-devid070
Source: Install FxFactory 8.0.15.pkg String found in binary or memory: http://www.apple.com/appleca0
Source: Install FxFactory 8.0.15.pkg String found in binary or memory: http://www.apple.com/certificateauthority/0
Source: Install FxFactory 8.0.15.pkg String found in binary or memory: https://www.apple.com/appleca/0
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49348
Source: unknown Network traffic detected: HTTP traffic on port 49351 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49399 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49403
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49347
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49402
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49368
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49401
Source: unknown Network traffic detected: HTTP traffic on port 49397 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49400
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49380
Source: unknown Network traffic detected: HTTP traffic on port 49401 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49403 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49380 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49348 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49327 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49398 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49399
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49398
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49397
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49351
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49371
Source: unknown Network traffic detected: HTTP traffic on port 49371 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49400 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49368 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49404 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49402 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49347 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49349 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49349
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49327
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49404
Source: classification engine Classification label: clean2.macPKG@0/3@3/0
Source: /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer (PID: 622) CFNetwork info plist opened: /System/Library/Frameworks/CFNetwork.framework/Resources/Info.plist
Source: /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer (PID: 622) Security framework info plist opened: /System/Library/Frameworks/Security.framework/Resources/Info.plist
Source: /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer (PID: 622) AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist
Source: Install FxFactory 8.0.15.pkg, Payload Binary or memory string: ThGfs
Source: /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer (PID: 622) Sysctl read request: hw.cpu_freq (6.15)
Source: /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer (PID: 622) Sysctl read request: hw.ncpu (6.3)
Source: /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer (PID: 622) Sysctl read request: hw.memsize (6.24)
Source: /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer (PID: 622) Sysctl read request: hw.availcpu (6.25)
Source: /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer (PID: 622) Sysctl requested: kern.ostype (1.1)
Source: /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer (PID: 622) Sysctl requested: kern.osrelease (1.2)
Source: /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer (PID: 622) Sysctl requested: kern.hostname (1.10)
Source: /usr/bin/open (PID: 621) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer (PID: 622) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist