Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Install FxFactory 8.0.15.pkg
|
xar archive compressed TOC: 5487, SHA-1 checksum
|
initial sample
|
||
|
/dev/null
|
ASCII text
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/mds/mdsDirectory.db_
|
Mac OS X Keychain File
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/mds/mdsObject.db_
|
Mac OS X Keychain File
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
|
-
|
||
|
/usr/bin/open
|
/usr/bin/open /Users/bernard/Desktop/Install FxFactory 8.0.15.pkg
|
||
|
/usr/libexec/xpcproxy
|
-
|
||
|
/System/Library/CoreServices/Installer.app/Contents/MacOS/Installer
|
/System/Library/CoreServices/Installer.app/Contents/MacOS/Installer
|
||
|
/usr/libexec/xpcproxy
|
-
|
||
|
/usr/libexec/nsurlstoraged
|
/usr/libexec/nsurlstoraged --privileged
|
||
|
/usr/libexec/xpcproxy
|
-
|
||
|
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
|
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
apis.apple.map.fastly.net
|
151.101.3.6
|
||
|
updates.cdn-apple.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
151.101.3.6
|
apis.apple.map.fastly.net
|
United States
|
||
|
151.101.131.6
|
unknown
|
United States
|
||
|
151.101.67.6
|
unknown
|
United States
|