macOS Analysis Report
coconutBattery_latest.zip

Overview

General Information

Sample name: coconutBattery_latest.zip
Analysis ID: 1544362
MD5: 85d87de525ca2d6a2772a0a7897a11dd
SHA1: b990d94578b0e08b13116ed1441c8cae718ba1b2
SHA256: d3716279aa8fa684ff49633cd3a287c6118c0bd661de85e67fc02d8855e4922c

Detection

Score: 3
Range: 0 - 100
Whitelisted: false

Signatures

Contains symbols with suspicious names likely related to networking
Contains symbols with suspicious names likely related to well-known browsers
Reads hardware related sysctl values
Reads the sysctl safe boot value (probably to check if the system is in safe boot mode)
Reads the systems OS release and/or type
Reads the systems hostname

Classification

Source: unknown HTTPS traffic detected: 17.248.199.71:443 -> 192.168.11.12:49349 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49350 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49422 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49423 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49425 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49426 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49428 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49430 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.195.8:443 -> 192.168.11.12:49434 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.195.8:443 -> 192.168.11.12:49433 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.195.8:443 -> 192.168.11.12:49432 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49438 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49446 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49447 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49448 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49449 version: TLS 1.2
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: _NSSearchPathForDirectoriesInDomains
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: _NSURLAuthenticationMethodServerTrust
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: _$ss5ErrorP7_domainSSvgTq
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: _$ss5ErrorPsE7_domainSSvg
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: _AMDServiceConnectionReceiveMessage
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: _AMDServiceConnectionSendMessage
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: _AMDeviceConnect
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: _CFNotificationCenterAddObserver
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: _$s10Foundation8CalendarV4date8byAdding2to18wrappingComponentsAA4DateVSgAA0iH0V_AISbtF
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: _SecItemImport
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: __swift_stdlib_reportUnimplementedInitializer
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: _swift_isEscapingClosureAtFileLocation
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: _OBJC_CLASS_$_NSHTTPURLResponse
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: _kIOMasterPortDefault
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _CFNotificationCenterAddObserver
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _$ss5ErrorP7_domainSSvgTq
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: __swift_stdlib_reportUnimplementedInitializer
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _$ss5ErrorPsE7_domainSSvg
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _$s10Foundation10URLRequestV8setValue_18forHTTPHeaderFieldySSSg_SStF
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _$s10Foundation10URLRequestV10httpMethodSSSgvs
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _kIOMasterPortDefault
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _AMDServiceConnectionReceiveMessage
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _AMDServiceConnectionSendMessage
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _AMDeviceConnect
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _SecItemImport
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _NSSearchPathForDirectoriesInDomains
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _NSURLAuthenticationMethodServerTrust
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _swift_isEscapingClosureAtFileLocation
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _OBJC_CLASS_$_NSHTTPURLResponse
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: _$s10Foundation8CalendarV4date8byAdding2to18wrappingComponentsAA4DateVSgAA0iH0V_AISbtF
Source: unknown TCP traffic detected without corresponding DNS query: 17.248.199.71
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.101.13
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /2021/mobileassets/041-40471/B96AF6E1-5FF6-4786-9956-944A1AFE086A/com_apple_MobileAsset_KextDenyList/404087a7302927411b6ea0e05114d2c68355185e.zip HTTP/1.1 Host: updates.cdn-apple.com Accept: */* Accept-Language: en-us Connection: keep-alive Accept-Encoding: br, gzip, deflate User-Agent: mobileassetd (unknown version) CFNetwork/976 Darwin/18.2.0 (x86_64)
Source: global traffic HTTP traffic detected: GET /2024/patches/052-54451/D609556E-69B1-482E-9C33-B2E3510A1311/com_apple_MobileAsset_TimeZoneUpdate/c5a4d0df08e8faecf4faebbbadc4d96a07d9d990.zip HTTP/1.1 Host: updates.cdn-apple.com Accept: */* Accept-Language: en-us Connection: keep-alive Accept-Encoding: br, gzip, deflate User-Agent: mobileassetd (unknown version) CFNetwork/976 Darwin/18.2.0 (x86_64)
Source: global traffic HTTP traffic detected: GET /2024/patches/062-08173/234EE7F7-CC33-4CD3-85FC-60590A103560/com_apple_MobileAsset_CoreSuggestions/84f6102e2a09dd10dd694d795792a7771b6014fc.zip HTTP/1.1 Host: updates.cdn-apple.com Accept: */* Accept-Language: en-us Connection: keep-alive Accept-Encoding: br, gzip, deflate User-Agent: mobileassetd (unknown version) CFNetwork/976 Darwin/18.2.0 (x86_64)
Source: global traffic DNS traffic detected: DNS query: h3.apis.apple.map.fastly.net
Source: CodeResources String found in binary or memory: http://crl.apple.com/applerootcag3.crl0
Source: coconutBattery String found in binary or memory: http://crl.apple.com/root.crl0
Source: coconutBattery String found in binary or memory: http://crl.apple.com/timestamp.crl0
Source: CodeResources String found in binary or memory: http://ocsp.apple.com/ocsp03-applerootcag307
Source: CodeResources String found in binary or memory: http://ocsp.apple.com/ocsp03-asica4020
Source: coconutBattery String found in binary or memory: http://ocsp.apple.com/ocsp03-devid060
Source: coconutBattery String found in binary or memory: http://support-sp.apple.com/sp/product?cc=%
Source: coconutBattery, CodeResources String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: coconutBattery String found in binary or memory: http://www.apple.com/appleca0
Source: coconutBattery String found in binary or memory: http://www.apple.com/certificateauthority/0
Source: coconutBattery String found in binary or memory: https://coconut-flavour.com/ccbonline/upload_ios_pro.php
Source: coconutBattery String found in binary or memory: https://coconut-flavour.com/ccbonline/upload_mac_db_pro.php
Source: coconutBattery String found in binary or memory: https://coconut-flavour.com/ccbonline_4/upload.php
Source: coconutBattery String found in binary or memory: https://coconut-flavour.com/coconutbattery/#plus
Source: Info.plist String found in binary or memory: https://coconut-flavour.com/updates/coconutBattery.xml
Source: coconutBattery String found in binary or memory: https://coconut-testing/ccbonline/upload.php
Source: coconutBattery String found in binary or memory: https://www.apple.com/appleca/0
Source: coconutBattery String found in binary or memory: https://www.coconut-flavour.com
Source: coconutBattery String found in binary or memory: https://www.coconut-flavour.com/ccbonline/index.php?bid=%
Source: coconutBattery String found in binary or memory: https://www.coconut-flavour.com/coconutbattery/#plus
Source: coconutBattery String found in binary or memory: https://www.coconut-flavour.com/coconutbattery/#pluscom.coconut-flavour.coconutBattery.updateIngoreL
Source: coconutBattery String found in binary or memory: https://www.coconut-flavour.com/coconutbattery/help.html
Source: coconutBattery String found in binary or memory: https://www.coconut-flavour.com/coconutbattery/help.htmlhistorySortDescriptorThis
Source: coconutBattery String found in binary or memory: https://www.coconut-flavour.com/coconutbattery/printing.html
Source: coconutBattery String found in binary or memory: https://www.coconut-flavour.comcoconutBattery
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49425
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49447
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49446
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49423
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49422
Source: unknown Network traffic detected: HTTP traffic on port 49433 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49422 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49447 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49426 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49438 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49438
Source: unknown Network traffic detected: HTTP traffic on port 49434 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49350 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49434
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49433
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49432
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49430
Source: unknown Network traffic detected: HTTP traffic on port 49430 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49432 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49350
Source: unknown Network traffic detected: HTTP traffic on port 49428 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49449 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49446 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49448 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49425 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49423 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49428
Source: unknown Network traffic detected: HTTP traffic on port 49349 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49449
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49349
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49426
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49448
Source: classification engine Classification label: clean3.macZIP@0/1@1/0
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O symbol: __swift_stdlib_operatingSystemVersion
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O symbol: __swift_stdlib_operatingSystemVersion
Source: extracted file from ZIP submission CodeResources XML file: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/_CodeSignature/CodeResources
Source: extracted file from ZIP submission CodeResources XML file: coconutBattery.app/Contents/_CodeSignature/CodeResources
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O header: load_dylib -> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O header: load_dylib -> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O header: load_dylib -> /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O header: load_dylib -> /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O header: load_dylib -> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O header: load_dylib -> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O header: load_dylib -> /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O header: load_dylib -> /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice
Source: extracted file from submission: coconutBattery.app/Contents/Library/LoginItems/coconutBattery Menu.app/Contents/MacOS/coconutBattery Menu Mach-O header: load_dylib -> /System/Library/Frameworks/Security.framework/Versions/A/Security
Source: extracted file from submission: coconutBattery.app/Contents/MacOS/coconutBattery Mach-O header: load_dylib -> /System/Library/Frameworks/Security.framework/Versions/A/Security
Source: /usr/libexec/firmwarecheckers/eficheck/eficheck (PID: 648) Random device file read: /dev/random
Source: /Users/bernard/Desktop/unpack/coconutBattery.app/Contents/MacOS/coconutBattery (PID: 623) AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist
Source: submission CodeSign Info: Executable=/Users/bernard/Desktop/unpack/coconutBattery.app/Contents/MacOS/coconutBattery
Source: coconutBattery Binary or memory string: VMware
Source: coconutBattery Binary or memory string: VMwareH
Source: coconutBattery Binary or memory string: VMWare Virtual Machine
Source: /Users/bernard/Desktop/unpack/coconutBattery.app/Contents/MacOS/coconutBattery (PID: 623) Sysctl read request: kern.safeboot (1.66)
Source: /Users/bernard/Desktop/unpack/coconutBattery.app/Contents/MacOS/coconutBattery (PID: 623) Sysctl read request: hw.availcpu (6.25)
Source: /Users/bernard/Desktop/unpack/coconutBattery.app/Contents/MacOS/coconutBattery (PID: 623) Sysctl requested: kern.ostype (1.1)
Source: /Users/bernard/Desktop/unpack/coconutBattery.app/Contents/MacOS/coconutBattery (PID: 623) Sysctl requested: kern.osrelease (1.2)
Source: /Users/bernard/Desktop/unpack/coconutBattery.app/Contents/MacOS/coconutBattery (PID: 623) Sysctl requested: kern.hostname (1.10)
Source: /usr/bin/open (PID: 619) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /usr/bin/open (PID: 622) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /Users/bernard/Desktop/unpack/coconutBattery.app/Contents/MacOS/coconutBattery (PID: 623) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist