IOC Report
ot-test-app-darwin-x64-1.0.1.zip

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| ot-test-app-darwin-x64-1.0.1.zip | Zip archive data, at least v1.0 to extract, compression method=store | initial sample | |
| /Users/bernard/Library/Application Support/ot-test-app/.com.electron.ot-test-app.qSVAxM | JSON data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/000001.dbtmp | ASCII text | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/000002.dbtmp | ASCII text | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/0be797289528155c_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/2940195bd9870d6e_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/2dfde53b7dad7403_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/2f577e369a332ade_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/478ad7214b5adf30_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/62577db59fc9ecfa_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/63fcd95fbcfe52d8_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/64a158b52d8d7f13_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/72153b705d2b0ca1_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/9e8725181fa08ea9_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/a8afd1f866157e03_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/b542690c1b3a7038_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/eea7151f88f29c03_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/fb27a8b3cedb4d00_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/fbcc112b005136fb_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/index | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cache/index-dir/temp-index | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Code Cache/js/402c5ed80cf90429_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Code Cache/js/55278cefcf389f81_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Code Cache/js/a0a94bbe1c33ff23_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Code Cache/js/d90671bec5e9eb37_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Code Cache/js/da20b6cbeff987ad_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Code Cache/js/f6a4b760a9c11ff3_0 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Code Cache/js/index | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Code Cache/js/index-dir/temp-index | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cookies | SQLite 3.x database, last written using SQLite version 3027001, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1 | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/Cookies-journal | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/GPUCache/data_0 | FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0 | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/GPUCache/data_1 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/GPUCache/data_2 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/GPUCache/data_3 | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/GPUCache/index | data | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/LOG | ASCII text | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/MANIFEST-000001 | OpenPGP Secret Key | dropped | |
| /Users/bernard/Library/Application Support/ot-test-app/MANIFEST-000002 | MPEG-4 LOAS | dropped | |
| /dev/null | ASCII text | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/mds/mdsDirectory.db_ | Mac OS X Keychain File | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/mds/mdsObject.db_ | Mac OS X Keychain File | dropped | |

(32 further files not shown.)

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /usr/libexec/xpcproxy | - | |
| /usr/libexec/nsurlstoraged | /usr/libexec/nsurlstoraged --privileged | |
| /Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 | - | |
| /usr/bin/open | /usr/bin/open -b com.apple.Finder /Users/bernard/Desktop/unpack | |
| /Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 | - | |
| /usr/bin/open | /usr/bin/open /Users/bernard/Desktop/unpack/ot-test-app.app | |
| /usr/libexec/xpcproxy | - | |
| /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app | /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app | |
| /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper | - | |
| /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper | - | |
| /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper | - | |
| /usr/libexec/xpcproxy | - | |
| /usr/libexec/gamecontrollerd | /usr/libexec/gamecontrollerd | |
| /usr/libexec/xpcproxy | - | |
| /usr/libexec/firmwarecheckers/eficheck/eficheck | /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon | |

(5 further processes not shown.)

URLs


Domains

| Name | IP | Malicious |
|---|---|---|
| honeybadger-js.b-cdn.net | 143.244.49.177 | |
| apis.apple.map.fastly.net | 151.101.131.6 | |
| sandbox.optiturn.com | 34.120.41.26 | |
| js.honeybadger.io | unknown | |
| updates.cdn-apple.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 151.101.3.6 | unknown | United States | |
| 34.120.41.26 | sandbox.optiturn.com | United States | |
| 151.101.67.6 | unknown | United States | |
| 143.244.49.177 | honeybadger-js.b-cdn.net | United States | |

Memdumps
