Files

File Path | Type | Category | Malicious
---|---|---|---
DiskMaker_X_9.dmg | bzip2 compressed data, block size = 100k | initial sample | 
/Users/berri/Library/Logs/DiskMakerX.log | ASCII text | dropped | 
/dev/null | ASCII text | dropped | 
Processes

Path | Cmdline | Malicious
---|---|---
/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 | n/a | 
/usr/bin/open | | 
/usr/libexec/xpcproxy | n/a | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | /Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c echo $HOME | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c touch '/Users/berri'/Library/Logs/DiskMakerX.log | 
/usr/bin/touch | touch /Users/berri/Library/Logs/DiskMakerX.log | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c echo '--------------------------------------------------------------------------------' >> '/Users/berri'/Library/Logs/DiskMakerX.log | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c date >> '/Users/berri'/Library/Logs/DiskMakerX.log | 
/bin/sh | n/a | 
/bin/date | date | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c echo 'Home Path: ' '/Users/berri'>> '/Users/berri'/Library/Logs/DiskMakerX.log | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c defaults read NSGlobalDomain AppleLanguages | 
/usr/bin/defaults | defaults read NSGlobalDomain AppleLanguages | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c echo 'Current Language: ' en-CH>> '/Users/berri'/Library/Logs/DiskMakerX.log | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c sw_vers -productVersion \| cut -c 1-4 | 
/bin/sh | n/a | 
/usr/bin/sw_vers | sw_vers -productVersion | 
/bin/sh | n/a | 
/usr/bin/cut | cut -c 1-4 | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c sw_vers -productVersion \| cut -c 4-4 | 
/bin/sh | n/a | 
/usr/bin/sw_vers | sw_vers -productVersion | 
/bin/sh | n/a | 
/usr/bin/cut | cut -c 4-4 | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c sw_vers -productVersion \| cut -c 1-5 | 
/bin/sh | n/a | 
/usr/bin/sw_vers | sw_vers -productVersion | 
/bin/sh | n/a | 
/usr/bin/cut | cut -c 1-5 | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c sw_vers -productVersion \| cut -c 4-5 | 
/bin/sh | n/a | 
/usr/bin/sw_vers | sw_vers -productVersion | 
/bin/sh | n/a | 
/usr/bin/cut | cut -c 4-5 | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c echo 'Current OS: ' 10.13>> '/Users/berri'/Library/Logs/DiskMakerX.log | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c id -G | 
/usr/bin/id | id -G | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c echo 'Is this user an admin : ' true>> '/Users/berri'/Library/Logs/DiskMakerX.log | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c ps auxc | 
/bin/ps | ps auxc | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c echo 'Path Finder launched : ' false>> '/Users/berri'/Library/Logs/DiskMakerX.log | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c curl http://diskmakerx.com/CurrentLDMVersion | 
/usr/bin/curl | curl http://diskmakerx.com/CurrentLDMVersion | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c echo 'Selected OS: ' 10.15>> '/Users/berri'/Library/Logs/DiskMakerX.log | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c mdfind -name 'Install macOS Catalina' \| grep -v Library \| head -1 | 
/bin/sh | n/a | 
/usr/bin/mdfind | mdfind -name Install macOS Catalina | 
/bin/sh | n/a | 
/usr/bin/grep | grep -v Library | 
/bin/sh | n/a | 
/usr/bin/head | head -1 | 
/Volumes/DiskMaker X 9/DiskMaker X 9 for macOS Catalina.app/Contents/MacOS/applet | n/a | 
/bin/sh | sh -c echo '' \| wc -l | 
/bin/sh | n/a | 
/bin/sh | n/a | 
/usr/bin/wc | wc -l | 
/usr/libexec/automountd | n/a | 
/usr/libexec/od_user_homes | /usr/libexec/od_user_homes .localized | 

68 further processes were recorded but are not included in this listing.
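The process listing above is the usual shape for an AppleScript applet driving `do shell script`: every action shows up as `/bin/sh -c <script>` with the real binary as a grandchild, so the interesting content is in the `sh -c` command lines, not in the process paths. The following triage script is an added example, not part of the sandbox report or of DiskMaker X; it tokenizes those command lines with shell quoting rules, splits each into pipeline stages and redirect targets, and sorts the stages into host discovery (`sw_vers`, `defaults`, `id`, `ps`, `mdfind`, environment reads), local logging (writes to `DiskMakerX.log`), text filters and network calls. The category sets are the author's own heuristics, the command lines are transcribed from the table, and the output is a summary for an analyst rather than a malicious/benign verdict (the sandbox itself flagged nothing). It also lists any fetched URL whose scheme is plain `http`, since the only network activity recorded is an unauthenticated cleartext version check; what the applet does with the response is not visible on this page.

```python
"""Triage of the `sh -c` command lines from a macOS sandbox process listing.

Added example: not code from the sandbox vendor or from DiskMaker X. The
command lines below are transcribed from the process table; the category
sets are the author's heuristics.
"""
import shlex
from collections import Counter
from urllib.parse import urlparse

# `/bin/sh` command lines spawned by the applet, transcribed from the table.
LOG = "'/Users/berri'/Library/Logs/DiskMakerX.log"
SH_CMDLINES = [
    "sh -c echo $HOME",
    f"sh -c touch {LOG}",
    f"sh -c echo '----------------' >> {LOG}",
    f"sh -c date >> {LOG}",
    f"sh -c echo 'Home Path: ' '/Users/berri'>> {LOG}",
    "sh -c defaults read NSGlobalDomain AppleLanguages",
    f"sh -c echo 'Current Language: ' en-CH>> {LOG}",
    "sh -c sw_vers -productVersion | cut -c 1-4",
    "sh -c sw_vers -productVersion | cut -c 4-4",
    "sh -c sw_vers -productVersion | cut -c 1-5",
    "sh -c sw_vers -productVersion | cut -c 4-5",
    f"sh -c echo 'Current OS: ' 10.13>> {LOG}",
    "sh -c id -G",
    f"sh -c echo 'Is this user an admin : ' true>> {LOG}",
    "sh -c ps auxc",
    f"sh -c echo 'Path Finder launched : ' false>> {LOG}",
    "sh -c curl http://diskmakerx.com/CurrentLDMVersion",
    f"sh -c echo 'Selected OS: ' 10.15>> {LOG}",
    "sh -c mdfind -name 'Install macOS Catalina' | grep -v Library | head -1",
    "sh -c echo '' | wc -l",
]

# Heuristic buckets (author's assumption) keyed by the program name of a stage.
DISCOVERY_BINS = {"sw_vers", "defaults", "id", "ps", "mdfind", "uname", "whoami", "hostname"}
NETWORK_BINS = {"curl", "wget", "nscurl"}
TEXT_FILTERS = {"cut", "grep", "head", "tail", "wc", "awk", "sed", "tr"}
REDIRECTS = {">", ">>"}


def shell_body(cmdline):
    """Return the script passed to `sh -c`, or None if the line is not one."""
    prefix = "sh -c "
    return cmdline[len(prefix):] if cmdline.startswith(prefix) else None


def tokenize(script):
    """Shell-aware split: quotes are honoured, `|` and `>>` become own tokens."""
    lex = shlex.shlex(script, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def pipeline_stages(tokens):
    """Split a token list on `|` into (argv, redirect_target) pairs."""
    stages, argv, target = [], [], None
    it = iter(tokens)
    for tok in it:
        if tok == "|":
            stages.append((argv, target))
            argv, target = [], None
        elif tok in REDIRECTS:
            target = next(it, None)  # the word after `>`/`>>` is the file
        else:
            argv.append(tok)
    stages.append((argv, target))
    return stages


def classify(argv, target):
    """Bucket one pipeline stage by what its program does."""
    if not argv:
        return "empty"
    prog = argv[0].rsplit("/", 1)[-1]
    if prog in NETWORK_BINS:
        return "network"
    if prog in DISCOVERY_BINS:
        return "discovery"
    if prog in TEXT_FILTERS:
        return "filter"
    if target is not None or prog == "touch":
        return "logging"
    if prog == "echo" and any(a.startswith("$") for a in argv[1:]):
        return "discovery"  # reading an environment variable such as $HOME
    return "other"


def triage(cmdlines):
    """Summarise a list of sandbox command lines for an analyst."""
    counts, log_files, urls, discovery = Counter(), set(), set(), set()
    for raw in cmdlines:
        body = shell_body(raw)
        if body is None:
            continue
        for argv, target in pipeline_stages(tokenize(body)):
            cat = classify(argv, target)
            counts[cat] += 1
            if cat == "network":
                urls.update(a for a in argv[1:] if "://" in a)
            elif cat == "discovery":
                discovery.add(" ".join(argv))
            if target:
                log_files.add(target)
            if argv and argv[0].endswith("touch"):
                log_files.update(argv[1:])
    return {
        "counts": counts,
        "log_files": sorted(log_files),
        "urls": sorted(urls),
        "hosts": sorted({urlparse(u).hostname for u in urls}),
        "cleartext_urls": sorted(u for u in urls if urlparse(u).scheme == "http"),
        "discovery": sorted(discovery),
    }


if __name__ == "__main__":
    for key, value in triage(SH_CMDLINES).items():
        print(f"{key}: {value}")
```

Run as-is it reports nine discovery stages, nine log writes, one network stage and one host (diskmakerx.com); the same functions accept command lines pulled from any other report that records `sh -c` children, and the bucket sets can be extended as needed.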
URLs

Name | IP | Malicious
---|---|---
http://diskmakerx.com/CurrentLDMVersion | 217.160.0.214 | 
Domains

Name | IP | Malicious
---|---|---
diskmakerx.com | 217.160.0.214 | 
IPs

IP | Domain | Country | Malicious
---|---|---|---
217.160.0.214 | diskmakerx.com | Germany | 
23.3.109.8 | unknown | United States | 