
fonedog-powermymac.dmg

Status: finished
Submission Time: 2021-03-16 08:36:04 +01:00
Malicious
Evader

Details

  • Analysis ID: 369181
  • API (Web) ID: 640413
  • Analysis Started: 2021-03-16 08:36:05 +01:00
  • Analysis Finished: 2021-03-16 08:45:54 +01:00
  • MD5: 8766c643e6c6f6703f2f29190af27729
  • SHA1: d1350f779a2a115799c783ba944cf9ccba07d466
  • SHA256: 6acafacfb7dbe0f934dcd713c43d957191ebf18508479cc76eec99bf5bc6b450
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 60
System: unknown

Third Party Analysis Engines

malicious
Score: 9/48
malicious
Score: 7/28
malicious

IPs


Domains


URLs


Dropped files

  • /Users/berri/Library/Caches/com.crashlytics.data/com.fonedog.PowerMyMacPro/v3/active/f299109a1e3c44ac87f2f02638bc48e6/binary_images.clsrecord
    ASCII text
  • /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsObject.db_
    Mac OS X Keychain File
  • /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsDirectory.db_
    Mac OS X Keychain File
  • /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync024a.0JKvjH
    Apple binary property list
  • /dev/null
    ASCII text
  • /Users/berri/Library/WebKit/com.apple.Safari/WebsiteData/ResourceLoadStatistics/full_browsing_session_resourceLog.plist
    Apple binary property list
  • /Users/berri/Library/Safari/Favicon Cache/favicons/.dat.nosync024a.132EOI
    MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
  • /Users/berri/Library/Safari/.dat.nosync024a.gabVLw
    XML 1.0 document, ASCII text
  • /Users/berri/Library/Safari/.dat.nosync024a.8VPA0B
    Apple binary property list
  • /Users/berri/Library/Caches/com.crashlytics.data/com.fonedog.PowerMyMacPro/v3/active/f299109a1e3c44ac87f2f02638bc48e6/sdk.log
    ASCII text
  • /Users/berri/Library/Caches/com.crashlytics.data/com.fonedog.PowerMyMacPro/v3/active/f299109a1e3c44ac87f2f02638bc48e6/metadata.clsrecord
    ASCII text, with very long lines
  • /Users/berri/Library/Caches/com.crashlytics.data/com.fonedog.PowerMyMacPro/v3/active/f299109a1e3c44ac87f2f02638bc48e6/internal_incremental_kv.clsrecord
    ASCII text
  • /Users/berri/Library/Application Support/com.fonedog.PowerMyMacPro/.dat.nosync0248.KRpHrN
    XML 1.0 document, ASCII text, with very long lines
  • /Users/berri/Library/Caches/com.crashlytics.data/com.fonedog.PowerMyMacPro/analytics/v2/events/EB7E2449-1A8C-4E70-85A5-D758234D448C.multipartmime
    data
  • /Users/berri/Library/Caches/com.crashlytics.data/com.fonedog.PowerMyMacPro/analytics/v2/events/A7E448AB-3342-45BC-A580-9057D8753B02.multipartmime
    data
  • /Users/berri/Library/Caches/com.crashlytics.data/com.fonedog.PowerMyMacPro/analytics/v2/events/95F6B757-A8C8-4EEE-9F46-66178FF70E1F.log
    ASCII text, with very long lines
  • /Users/berri/Library/Caches/com.crashlytics.data/com.fonedog.PowerMyMacPro/analytics/v2/events/95F6B757-A8C8-4EEE-9F46-66178FF70E1F.gz
    gzip compressed data
  • /Users/berri/Library/Caches/com.crashlytics.data/com.fonedog.PowerMyMacPro/analytics/v2/events/8F61AD0F-7EC0-4783-BC46-F4EB2A66AA2F.log
    ASCII text, with very long lines
  • /Users/berri/Library/Caches/com.crashlytics.data/com.fonedog.PowerMyMacPro/analytics/v2/events/8F61AD0F-7EC0-4783-BC46-F4EB2A66AA2F.gz
    gzip compressed data
  • /Users/berri/Library/Caches/com.crashlytics.data/com.fonedog.PowerMyMacPro/analytics/v2/.dat.nosync0248.oUWp9X
    ASCII text, with very long lines, with no line terminators
  • /Users/berri/Library/Application Support/com.fonedog.PowerMyMacPro/com.crashlytics/.dat.nosync0248.Z23aLi
    XML 1.0 document, ASCII text
  • /Users/berri/Library/Application Support/com.fonedog.PowerMyMacPro/PowerMyMacProUserLogin.plist
    XML 1.0 document, ASCII text, with very long lines
  • /Users/berri/Library/Application Support/com.fonedog.PowerMyMacPro/.dat.nosync0248.tGJjDi
    XML 1.0 document, ASCII text, with very long lines