macOS Analysis Report https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG

Overview

General Information

Sample URL: https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG
Analysis ID: 881
Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Opens the Safari browser app

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG Virustotal: Detection: 9%
Source: unknown HTTPS traffic detected: 17.248.145.74:443 -> 192.168.11.11:49195 version: TLS 1.2
Source: unknown HTTPS traffic detected: 47.243.138.168:443 -> 192.168.11.11:49194 version: TLS 1.2
Source: unknown HTTPS traffic detected: 85.13.148.189:443 -> 192.168.11.11:49205 version: TLS 1.2
Source: unknown HTTPS traffic detected: 107.178.244.119:443 -> 192.168.11.11:49209 version: TLS 1.2
Source: unknown HTTPS traffic detected: 85.13.148.189:443 -> 192.168.11.11:49212 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.186.195.233:443 -> 192.168.11.11:49213 version: TLS 1.2
Source: unknown HTTPS traffic detected: 85.13.148.189:443 -> 192.168.11.11:49212 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.33.221.90:443 -> 192.168.11.11:49216 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.20.2:443 -> 192.168.11.11:49214 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.16.102:443 -> 192.168.11.11:49215 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.248.242.197:443 -> 192.168.11.11:49217 version: TLS 1.2
Source: unknown HTTPS traffic detected: 107.178.244.119:443 -> 192.168.11.11:49221 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.27.154:443 -> 192.168.11.11:49223 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 17.171.27.65 (4 occurrences)
Source: unknown TCP traffic detected without corresponding DNS query: 17.253.55.204 (2 occurrences)
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.200.212 (2 occurrences)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (31 occurrences)
Source: unknown DNS traffic detected: queries for: sparkasse.corona-umstellungsverfahren-de.com
Source: .dat.nosync0210.bKXvUw.235.dr String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: .dat.nosync0210.8kfcUv.235.dr String found in binary or memory: https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49205
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49223
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49221
Source: unknown Network traffic detected: HTTP traffic on port 49209 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49221 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49223 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49195 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49212 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49178 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49214 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49216 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49217
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49216
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49215
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49214
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49213
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49212
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49178
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49195
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49194
Source: unknown Network traffic detected: HTTP traffic on port 49205 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49194 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49213 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49209
Source: unknown Network traffic detected: HTTP traffic on port 49217 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49215 -> 443
Source: classification engine Classification label: mal48.mac@0/7@15/0
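The "traffic detected without corresponding DNS query" rows in this section come from correlating each flow's destination with the DNS answers observed earlier in the run. The following Python script is an added example, not part of this report or of the sandbox's own code. It reimplements that check over a constructed event list and adds the allowlisting a practitioner applies before triage: the UDP hits on 1.1.1.1 are the sandbox's own resolver, and 17.0.0.0/8 is Apple's address block, which Safari and the OS contact directly; treating both as benign is an assumption made for the example. The timestamps, the extra hostname and the mapping of the submitted hostname to 85.13.148.189 are invented for illustration; the report itself only lists the IPs.

```python
"""Detect connections to IPs the sample never resolved via DNS.

Added example, not part of the sandbox report. It reimplements the idea
behind the report's "TCP/UDP traffic detected without corresponding DNS
query" signature: replay DNS answers and connection events in time order
and flag any connection whose destination IP was not returned by an
earlier DNS answer. The sample events below are constructed; the mapping
of sparkasse.corona-umstellungsverfahren-de.com to 85.13.148.189 and the
name "cdn.example" are assumptions for illustration, not report findings.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Sequence, Tuple


@dataclass(frozen=True)
class Event:
    ts: float                      # seconds since start of the run
    kind: str                      # "dns" (an answer) or "conn" (a flow)
    proto: str                     # "udp" or "tcp"
    dst_ip: str
    dst_port: int
    qname: str = ""                # dns: name that was queried
    answers: Tuple[str, ...] = ()  # dns: A records in the answer


@dataclass
class Result:
    flagged: Counter = field(default_factory=Counter)     # (proto, ip) -> hits
    resolved: List[Tuple[str, str]] = field(default_factory=list)  # (ip, name)
    suppressed: Counter = field(default_factory=Counter)  # allowlisted hits


# Destinations that legitimately appear without a lookup: the resolver
# itself and (assumption) Apple's 17.0.0.0/8, which the OS contacts directly.
DEFAULT_ALLOW = (
    ipaddress.ip_network("1.1.1.1/32"),
    ipaddress.ip_network("17.0.0.0/8"),
)


def _allowed(ip: str, allow: Sequence[ipaddress.IPv4Network]) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allow)


def analyse(events: Iterable[Event],
            allow: Sequence[ipaddress.IPv4Network] = ()) -> Result:
    """Replay events in timestamp order. A connection counts as resolved
    only if a DNS answer containing its destination IP arrived *before* it;
    a lookup that happens later does not retroactively excuse the flow."""
    result = Result()
    ip_to_name: Dict[str, str] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "dns":
            for ip in ev.answers:
                ip_to_name[ip] = ev.qname
            continue
        if ev.kind != "conn":
            raise ValueError(f"unknown event kind {ev.kind!r}")
        key = (ev.proto, ev.dst_ip)
        if ev.dst_ip in ip_to_name:
            result.resolved.append((ev.dst_ip, ip_to_name[ev.dst_ip]))
        elif _allowed(ev.dst_ip, allow):
            result.suppressed[key] += 1
        else:
            result.flagged[key] += 1
    return result


# Constructed sample run (timestamps, ordering and both DNS answers are
# invented for this example; the IPs are the ones listed in the report).
PHISH = "sparkasse.corona-umstellungsverfahren-de.com"
SAMPLE_EVENTS = [
    Event(0.0, "conn", "udp", "1.1.1.1", 53),                 # the query itself
    Event(0.1, "dns", "udp", "1.1.1.1", 53, PHISH, ("85.13.148.189",)),
    Event(0.5, "conn", "tcp", "85.13.148.189", 443),          # resolved
    Event(0.6, "conn", "tcp", "17.171.27.65", 443),           # no lookup
    Event(0.7, "conn", "tcp", "17.171.27.65", 443),
    Event(0.8, "conn", "tcp", "104.76.200.212", 443),         # no lookup
    Event(0.9, "conn", "tcp", "107.178.244.119", 443),        # resolved too late
    Event(1.0, "conn", "udp", "1.1.1.1", 53),
    Event(1.1, "dns", "udp", "1.1.1.1", 53, "cdn.example", ("107.178.244.119",)),
    Event(1.2, "conn", "tcp", "107.178.244.119", 443),        # now resolved
    Event(1.3, "conn", "tcp", "85.13.148.189", 443),
]


def summarise(result: Result) -> List[str]:
    """Render flagged destinations one line per IP with a hit count,
    rather than one line per flow as the raw report does."""
    return [f"{proto.upper()} traffic detected without corresponding DNS query: "
            f"{ip} ({n} hits)" for (proto, ip), n in sorted(result.flagged.items())]


if __name__ == "__main__":
    print("\n".join(summarise(analyse(SAMPLE_EVENTS))))
    print("after allowlist:")
    print("\n".join(summarise(analyse(SAMPLE_EVENTS, DEFAULT_ALLOW))))
```

Run without an allowlist the script reproduces the report's noise (the resolver and the Apple hosts are flagged); with DEFAULT_ALLOW only 104.76.200.212 and the pre-resolution flow to 107.178.244.119 remain, which is the set worth a second look.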

Persistence and Installation Behavior:

Opens the Safari browser app
Source: /usr/libexec/xpcproxy (PID: 528) Safari app opened: /Applications/Safari.app/Contents/MacOS/Safari
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 528) Random device file read: /dev/urandom
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 528) AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 528) XML plist file created: /Users/berri/Library/Safari/.dat.nosync0210.bKXvUw
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 528) Binary plist file created: /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync0210.Is8mxg
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 528) Binary plist file created: /Users/berri/Library/Safari/.dat.nosync0210.8kfcUv
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 528) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
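The dropped files listed here are Safari state plists, one XML and two binary, and the report found the submitted URL as a string inside one of the binary ones. The following Python script is an added example, not part of this report or of Safari, showing how to extract such URLs with plistlib rather than with `strings`, which cannot decode binary-plist string encodings and loses the key path each value sat under. The plist content it parses is constructed to resemble such a file; the key names and the nesting of a second plist inside a data blob are assumptions for the example, not Safari's actual schema.

```python
"""Extract URLs from Safari plist artifacts, XML or binary.

Added example, not part of the sandbox report. Parses a plist with the
format auto-detected, walks the whole tree (descending into bytes values
that are themselves plists) and reports every http(s) URL together with
the path of the key that held it. The sample plist is constructed; its
key names are assumptions, not the real Safari schema.
"""
import plistlib
import re
from typing import Any, Iterator, List, Tuple

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def walk(node: Any, path: str = "$") -> Iterator[Tuple[str, Any]]:
    """Yield (path, leaf value) for every leaf of a plist tree.
    bytes leaves that parse as an embedded plist are descended into."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, (list, tuple)):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    elif isinstance(node, bytes):
        try:
            inner = plistlib.loads(node)
        except Exception:  # not a plist (bad header or XML): keep raw blob
            yield path, node
        else:
            yield from walk(inner, f"{path}<plist>")
    else:
        yield path, node


def find_urls(blob: bytes) -> List[Tuple[str, str]]:
    """Parse a plist of either format and return (path, url) pairs."""
    tree = plistlib.loads(blob)  # fmt=None: detect bplist00 vs. XML header
    found: List[Tuple[str, str]] = []
    for path, value in walk(tree):
        if isinstance(value, str):
            for url in URL_RE.findall(value):
                found.append((path, url))
    return found


# Constructed sample: the report's URL appears once as a plain string and
# once inside an embedded binary plist stored as a data blob.
SAMPLE_URL = "https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG"
_inner = plistlib.dumps({"SessionHistoryEntryURL": SAMPLE_URL},
                        fmt=plistlib.FMT_BINARY)
SAMPLE_TREE = {
    "SessionVersion": "1.0",
    "SessionWindows": [
        {"TabStates": [
            {"TabTitle": "Sparkasse", "TabURL": SAMPLE_URL,
             "SessionState": _inner},
            {"TabTitle": "blank", "TabURL": "about:blank"},
        ]}
    ],
}
SAMPLE_XML = plistlib.dumps(SAMPLE_TREE, fmt=plistlib.FMT_XML)
SAMPLE_BINARY = plistlib.dumps(SAMPLE_TREE, fmt=plistlib.FMT_BINARY)


if __name__ == "__main__":
    for label, blob in (("xml", SAMPLE_XML), ("binary", SAMPLE_BINARY)):
        print(label, blob[:8])
        for path, url in find_urls(blob):
            print("  ", path, "->", url)
```

On a real host the same function applies to each dropped file path from the report (read the file as bytes and pass it to find_urls); the XML and binary variants yield identical results because plistlib normalises both into the same Python tree.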