Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

coconutBattery_latest.zip

Zip archive data, at least v2.0 to extract, compression method=store

initial sample

Details

Filetype:	Zip archive data, at least v2.0 to extract, compression method=store
Entropy:	7.992479074180112
Filename:	coconutBattery_latest.zip
Filesize:	13869304
MD5:	85d87de525ca2d6a2772a0a7897a11dd
SHA1:	b990d94578b0e08b13116ed1441c8cae718ba1b2
SHA256:	d3716279aa8fa684ff49633cd3a287c6118c0bd661de85e67fc02d8855e4922c
SHA512:	d09b17571048de9cbab5d6baf1556126eecbe7ef45509255f7ada7a247985751dcabac86a71cf131ead1148d66c1534fcc5f91078f9381bbff40ccd3e34d59fc
SSDEEP:	393216:szjGd29azhB91KDXYo3cNfwBAzhB+KDXUxEB:j2o9B91KDXl3IfwO9B+KDXXB
Preview:	PK........S..X.............. .coconutBattery.app/UT.....&f..&f].&fux.............PK........3..X.............. .coconutBattery.app/Contents/UT...R.&fR.&f].&fux.............PK........3..X............). .coconutBattery.app/Contents/CodeResourcesUT...R.&fR.&f

/dev/null

ASCII text

dropped

Details

File:	/dev/null
Category:	dropped
Dump:	null.264.dr
ID:	dr_0
Target ID:	264
Process:	/Users/bernard/Desktop/unpack/coconutBattery.app/Contents/MacOS/coconutBattery
Type:	ASCII text
Entropy:	4.827312456866457
Encrypted:	false
Ssdeep:	3:tR7qcvef2VKFy3yr1LuWOv:nWfFy3yr1LvA
Size:	69
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/usr/libexec/xpcproxy

/usr/libexec/nsurlstoraged

/usr/libexec/nsurlstoraged --privileged

/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32

/usr/bin/open

/usr/bin/open -b com.apple.Finder /Users/bernard/Desktop/unpack

/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32

/usr/bin/open

/usr/bin/open /Users/bernard/Desktop/unpack/coconutBattery.app

/usr/libexec/xpcproxy

/Users/bernard/Desktop/unpack/coconutBattery.app/Contents/MacOS/coconutBattery

/usr/libexec/xpcproxy

/usr/libexec/firmwarecheckers/eficheck/eficheck

/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon

URLs

Name

Malicious

https://www.coconut-flavour.com/coconutbattery/#pluscom.coconut-flavour.coconutBattery.updateIngoreL

unknown

https://coconut-flavour.com/ccbonline/upload_mac_db_pro.php

unknown

https://www.coconut-flavour.com/ccbonline/index.php?bid=%

unknown

https://www.coconut-flavour.com/coconutbattery/#plus

unknown

https://www.coconut-flavour.com/coconutbattery/printing.html

unknown

https://coconut-flavour.com/ccbonline_4/upload.php

unknown

https://www.coconut-flavour.com

unknown

https://www.coconut-flavour.comcoconutBattery

unknown

https://coconut-flavour.com/updates/coconutBattery.xml

unknown

https://www.coconut-flavour.com/coconutbattery/help.htmlhistorySortDescriptorThis

unknown

https://www.coconut-flavour.com/coconutbattery/help.html

unknown

https://coconut-flavour.com/coconutbattery/#plus

unknown

https://coconut-testing/ccbonline/upload.php

unknown

https://coconut-flavour.com/ccbonline/upload_ios_pro.php

unknown

There are 4 hidden URLs, click here to show them.

Domains

Name

Malicious

appledownload.map.fastly.net

151.101.195.8

h3.apis.apple.map.fastly.net

151.101.195.6

Details

Name:	h3.apis.apple.map.fastly.net
IP:	151.101.195.6
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

104.76.101.13

unknown

United States

Details

IP:	104.76.101.13
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16625
ASN name:	AKAMAI-ASUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

151.101.195.8

appledownload.map.fastly.net

United States

Details

IP:	151.101.195.8
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false
Domain:	appledownload.map.fastly.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

151.101.131.6

unknown

United States

Details

IP:	151.101.131.6
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

151.101.195.6

h3.apis.apple.map.fastly.net

United States

Details

IP:	151.101.195.6
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false
Domain:	h3.apis.apple.map.fastly.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

151.101.67.6

unknown

United States

Details

IP:	151.101.67.6
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
coconutBattery_latest.zip

Files

Processes

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportcoconutBattery_latest.zip

Files

Processes

URLs

Domains

IPs

IOC Report
coconutBattery_latest.zip