IOCReport

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| #Ud83d#Udcde.htm | HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | initial sample | malicious |
| /Users/berri/Library/Safari/.dat.nosync023d.KFEApc | Apple binary property list | dropped | clean |
| /Users/berri/Library/Safari/.dat.nosync023d.M2fcej | XML 1.0 document, ASCII text | dropped | clean |
| /dev/null | ASCII text | dropped | clean |
| /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync023d.coDlpE | Apple binary property list | dropped | clean |
| /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsDirectory.db_ | Mac OS X Keychain File | dropped | clean |
| /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsObject.db_ | Mac OS X Keychain File | dropped | clean |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /usr/libexec/xpcproxy | n/a | clean |
| /Applications/Safari.app/Contents/MacOS/Safari | /Applications/Safari.app/Contents/MacOS/Safari | clean |

Domains

| Name | IP | Malicious |
|---|---|---|
| mamodmiappscn.firebaseapp.com | 151.101.1.195 | clean |
| gateway.fe.apple-dns.net | 17.248.145.229 | clean |
| cdnjs.cloudflare.com | 104.16.18.94 | clean |
| unpkg.com | 104.16.124.175 | clean |
| sslcnd.aioecoin.org | 172.67.176.224 | clean |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 17.171.27.65 | unknown | United States | clean |
| 17.253.109.201 | unknown | United States | clean |
| 17.248.145.229 | gateway.fe.apple-dns.net | United States | clean |
| 172.67.176.224 | sslcnd.aioecoin.org | United States | clean |
| 151.101.1.195 | mamodmiappscn.firebaseapp.com | United States | clean |
| 2.20.214.243 | unknown | European Union | clean |
| 104.16.124.175 | unpkg.com | United States | clean |
| 104.16.18.94 | cdnjs.cloudflare.com | United States | clean |