macOS Analysis Report
Localizable.strings

Overview

General Information

Sample Name:	Localizable.strings
Analysis ID:	756111
MD5:	2c6cc441ccdea763c0be634ab46ae0f6
SHA1:	7968a661c4bf7f54a8ed1ef501a083a337aacf6e
SHA256:	41ecf6703414bbee3cf309de7b3c3b94a8495f93118f260ab3d2299ab405bb62
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false

Signatures

Reads launchservices plist files

Classification

Signatures

Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49302

Source: Localizable.strings	String found in binary or memory: http://blog.gete.net/lion-diskmaker-fr
Source: Localizable.strings	String found in binary or memory: http://blog.gete.net/lion-diskmaker-us
Source: Localizable.strings	String found in binary or memory: http://liondiskmaker.com/
Source: Localizable.strings	String found in binary or memory: http://liondiskmaker.com/?lang=fr
Source: Localizable.strings	String found in binary or memory: http://liondiskmaker.com/?page_id=149
Source: Localizable.strings	String found in binary or memory: http://liondiskmaker.com/?page_id=151&lang=fr

Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.15.210
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.210
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.15.210
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.210
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.248.70

Source: classification engine

Classification label: clean0.macSTRINGS@0/0@0/0

Reads launchservices plist files

Source: /usr/bin/open (PID: 884)

Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plist

Jump to behavior

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
88.221.168.210	unknown	European Union		16625	AKAMAI-ASUS	false

ID:	756111
Product:	CloudBasic
Start time:	16:43:26
Start date:	29.11.2022
Sample:	Localizable.strings
Cookbook:	defaultmacfilecookbook.jbs
System description:	Virtual Machine, High Sierra (Office 2016 16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099)
Architecture:	MAC
MD5:	2c6cc441ccdea763c0be634ab46ae0f6
SHA1:	7968a661c4bf7f54a8ed1ef501a083a337aacf6e
SHA256:	41ecf6703414bbee3cf309de7b3c3b94a8495f93118f260ab3d2299ab405bb62

macOS Analysis Report
Localizable.strings

Overview

General Information

Detection

Signatures

Classification

Signatures

Networking

System Summary

Persistence and Installation Behavior

Screenshots

Network Map

Contacted Public IPs

macOS Analysis Report Localizable.strings

Overview

General Information

Detection

Signatures

Classification

Signatures

Networking

System Summary

Persistence and Installation Behavior

Screenshots

Network Map

Contacted Public IPs

macOS Analysis Report
Localizable.strings