Edit tour

macOS Analysis Report
CGESrv

Overview

General Information

Sample name:	CGESrv
Analysis ID:	1578045
MD5:	f0d721e663f6e3a2fafd2a27ef95cee0
SHA1:	1ddefc194d322e23e480f6143b958dffe6bae21f
SHA256:	c8df7fb1bed859df3932704053bf581482b33bed6effc5ef1f2a2efebdfd2396
Infos:

Detection

CobaltStrike

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Contains symbols with suspicious names likely related to anti-analysis

Contains symbols with suspicious names likely related to networking

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578045
Start date and time:	2024-12-19 08:04:43 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultmacfilecookbook.jbs
Analysis system description:	Virtual Machine, Mojave (Office 16 16.27, Java 11.0.2+9, Adobe Reader 2019.010.20099)
macOS major version:	10.14
CPU architecture:	x86_64
Analysis Mode:	default
Sample name:	CGESrv
Detection:	MAL
Classification:	mal56.troj.mac@0/0@1/0

Warnings

Excluded IPs from analysis (whitelisted): 17.253.7.131, 17.253.49.201, 17.253.1.204, 17.253.127.134, 17.253.5.203, 17.253.83.198, 17.253.21.205, 17.253.85.202, 17.253.54.197, 17.253.7.134, 17.253.7.145, 17.36.200.79, 17.253.7.135, 17.253.7.142, 23.202.144.19, 17.253.7.136
Excluded domains from analysis (whitelisted): lcdn-locator-usuqo.apple.com.akadns.net, updates.cdn-apple.com.akadns.net, e673.dsce9.akamaiedge.net, crl.apple.com, lb._dns-sd._udp.0.11.168.192.in-addr.arpa, lcdn-locator.apple.com.akadns.net, lcdn-locator.apple.com, mesu.g.aaplimg.com, updates.g.aaplimg.com, itunes.apple.com.edgekey.net, init.itunes.apple.com, mesu.apple.com, updates.cdn-apple.com, init-cdn.itunes-apple.com.akadns.net
VT rate limit hit for: https://api.jieyafei.comtracecheckstackownershiphash

Runtime Messages

Command:	/Users/bernard/Desktop/CGESrv
PID:	620
Exit Code:	134
Exit Code Info:	SIGABRT (6) Abort signal from abort
Killed:	False
Standard Output:
Standard Error:	dyld: cannot load 'CGESrv' (load command 0x80000034 is unknown)

Process Tree

System is macvm-mojave

mono-sgen32 New Fork (PID: 620, Parent: 537)

CGESrv (MD5: f0d721e663f6e3a2fafd2a27ef95cee0) Arguments: /Users/bernard/Desktop/CGESrv

xpcproxy New Fork (PID: 640, Parent: 1)

eficheck (MD5: 328beb81a2263449258057506bb4987f) Arguments: /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
CGESrv	JoeSecurity_CobaltStrike_6	Yara detected CobaltStrike	Joe Security

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: CGESrv	Virustotal: Detection: 36%			Perma Link
Source: CGESrv	ReversingLabs: Detection: 18%

Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49385 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49391 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49393 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49395 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49397 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49398 version: TLS 1.2

Source: submission: CGESrv	Mach-O symbol: _connect
Source: submission: CGESrv	Mach-O symbol: _sendfile
Source: submission: CGESrv	Mach-O symbol: _socket
Source: submission: CGESrv	Mach-O symbol: _setsockopt
Source: submission: CGESrv	Mach-O symbol: _getsockopt
Source: submission: CGESrv	Mach-O symbol: _getsockname

Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.144.197
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.144.197
Source: unknown	TCP traffic detected without corresponding DNS query: 23.207.53.102
Source: unknown	TCP traffic detected without corresponding DNS query: 23.207.53.102
Source: unknown	TCP traffic detected without corresponding DNS query: 23.207.53.102
Source: unknown	TCP traffic detected without corresponding DNS query: 23.207.53.102
Source: unknown	TCP traffic detected without corresponding DNS query: 23.207.53.102
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: h3.apis.apple.map.fastly.net

Source: CGESrv	String found in binary or memory: https://api.jieyafei.comtracecheckstackownershiphash
Source: CGESrv	String found in binary or memory: https://www.baidu.com/integer

Source: unknown	Network traffic detected: HTTP traffic on port 49397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49385
Source: unknown	Network traffic detected: HTTP traffic on port 49393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49354
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49398
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49397
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49396
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49395
Source: unknown	Network traffic detected: HTTP traffic on port 49394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49394
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49392
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49391
Source: unknown	Network traffic detected: HTTP traffic on port 49354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49390
Source: unknown	Network traffic detected: HTTP traffic on port 49392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49385 -> 443

Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49385 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49391 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49393 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49395 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49397 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49398 version: TLS 1.2

E-Banking Fraud

Yara detected CobaltStrike

Source: Yara match

File source: CGESrv, type: SAMPLE

Source: classification engine

Classification label: mal56.troj.mac@0/0@1/0

Source: submission: CGESrv

Mach-O header: load_dylib -> /System/Library/Frameworks/Security.framework/Versions/A/Security

Source: /usr/libexec/firmwarecheckers/eficheck/eficheck (PID: 640)

Random device file read: /dev/random

Jump to behavior

Source: submission: CGESrv

Mach-O symbol: _ptrace

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Virtualization/Sandbox Evasion	OS Credential Dumping	1 Virtualization/Sandbox Evasion	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Shell
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
CGESrv	37%	Virustotal		Browse
CGESrv	18%	ReversingLabs	MacOS.Trojan.CobaltStrike

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
h3.apis.apple.map.fastly.net	151.101.3.6	true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.baidu.com/integer	CGESrv	false		high
https://api.jieyafei.comtracecheckstackownershiphash	CGESrv	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.202.144.197	unknown	United States	1273	CWVodafoneGroupPLCEU	false
23.207.53.102	unknown	United States	16625	AKAMAI-ASUS	false
151.101.131.6	unknown	United States	54113	FASTLYUS	false
151.101.67.6	unknown	United States	54113	FASTLYUS	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
151.101.131.6	https://ivsmn.kidsavancados.com/	Get hash	malicious	Unknown	Browse
	https://fastbposolutions.com/language/overrides/message.alibaba.com/login.alibaba-com/saexy7ktc4fw1k7zk9xpnx19.php	Get hash	malicious	Unknown	Browse
	http://eocf.jyjwohl.ru/KIOJOJMAIEJFLVSF280212193270471103367JIGUHOIIAX4RQ0SVD?beunjabnkfaakr796013636449016227029WA5LIQI5PMNQO0EETOR	Get hash	malicious	Unknown	Browse
	https://commandes.maisonetstyles.com/Short/?Verification=aalborz_02@yahoo.com	Get hash	malicious	Unknown	Browse
	aJU0obOiEe	Get hash	malicious	Unknown	Browse
	V6QED2Q1WBYVOPE	Get hash	malicious	Unknown	Browse
	https://henrybodmerabeggco.wordpress.com/abegg-co-ag-proposal/	Get hash	malicious	Unknown	Browse
	V6QED2Q1WBYVOPE	Get hash	malicious	Unknown	Browse
	CalendlyApp	Get hash	malicious	Unknown	Browse
	https://burlingtonenqlish.com/vm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/	Get hash	malicious	Unknown	Browse
151.101.67.6	18037.doc	Get hash	malicious	Unknown	Browse
	https://docs.google.com/presentation/d/e/2PACX-1vTBMx4bSFDj_B_GCJTdTqUpVgpLXyQPR3uFGYP9j81KKHswOSbzMWDM5ZByYtVAwpACe-iOzHmzehje/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse
	Telegram	Get hash	malicious	Unknown	Browse
	http://eocf.jyjwohl.ru/KIOJOJMAIEJFLVSF280212193270471103367JIGUHOIIAX4RQ0SVD?beunjabnkfaakr796013636449016227029WA5LIQI5PMNQO0EETOR	Get hash	malicious	Unknown	Browse
	https://commandes.maisonetstyles.com/Short/?Verification=aalborz_02@yahoo.com	Get hash	malicious	Unknown	Browse
	V6QED2Q1WBYVOPE	Get hash	malicious	Unknown	Browse
	V6QED2Q1WBYVOPE	Get hash	malicious	Unknown	Browse
	CalendlyApp	Get hash	malicious	Unknown	Browse
	Constate	Get hash	malicious	Unknown	Browse
	iB8UZgdjgk	Get hash	malicious	CTHULHU STEALER	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
h3.apis.apple.map.fastly.net	18037.doc	Get hash	malicious	Unknown	Browse	151.101.3.6
	Telegram	Get hash	malicious	Unknown	Browse	151.101.3.6
	http://eocf.jyjwohl.ru/KIOJOJMAIEJFLVSF280212193270471103367JIGUHOIIAX4RQ0SVD?beunjabnkfaakr796013636449016227029WA5LIQI5PMNQO0EETOR	Get hash	malicious	Unknown	Browse	151.101.131.6
	https://commandes.maisonetstyles.com/Short/?Verification=aalborz_02@yahoo.com	Get hash	malicious	Unknown	Browse	151.101.3.6
	V6QED2Q1WBYVOPE	Get hash	malicious	Unknown	Browse	151.101.131.6
	https://henrybodmerabeggco.wordpress.com/abegg-co-ag-proposal/	Get hash	malicious	Unknown	Browse	151.101.195.6
	https://my.toruftuiov.com/a43a39c3-796e-468c-aae4-b83c862e0918	Get hash	malicious	Unknown	Browse	151.101.3.6
	V6QED2Q1WBYVOPE	Get hash	malicious	Unknown	Browse	151.101.131.6
	CalendlyApp	Get hash	malicious	Unknown	Browse	151.101.131.6
	CalendlyApp	Get hash	malicious	Unknown	Browse	151.101.195.6

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	1.elf	Get hash	malicious	Unknown	Browse	23.57.220.59
	la.bot.mips.elf	Get hash	malicious	Mirai	Browse	23.211.7.47
	la.bot.sparc.elf	Get hash	malicious	Mirai	Browse	23.199.141.119
	la.bot.arm.elf	Get hash	malicious	Mirai	Browse	23.13.44.108
	la.bot.sh4.elf	Get hash	malicious	Mirai	Browse	23.50.132.247
	http://files.playanext.com/v8/avast_secure_browser_setup.exe	Get hash	malicious	Unknown	Browse	23.50.252.137
	la.bot.mipsel.elf	Get hash	malicious	Mirai	Browse	104.98.7.134
	loligang.sh4.elf	Get hash	malicious	Mirai	Browse	23.60.108.117
	loligang.mips.elf	Get hash	malicious	Mirai	Browse	23.209.249.233
	loligang.x86.elf	Get hash	malicious	Mirai	Browse	172.230.179.94
FASTLYUS	file.exe	Get hash	malicious	Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS	Browse	185.199.111.133
	https://pdf.ac/4lLzbt	Get hash	malicious	Unknown	Browse	151.101.129.44
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	185.199.110.133
	https://www.bing.com/ck/a?!&&p=24da94b1cbc4e30be5abd9acb5737b3bdb775a56c39aac0141dd9c17c937dea1JmltdHM9MTczMzI3MDQwMA&ptn=3&ver=2&hsh=4&fclid=1bf8b81c-3b95-652f-24ec-ad573a81643b&u=a1aHR0cHM6Ly93d3cueXV4aW5na2V0YW5nLmNvbS9jb2xsZWN0aW9ucy90aHJvdy1ibGFua2V0cw#aHR0cHM6Ly9Uby5lZW1qaGl1bHoucnUvek83UkZORy8=	Get hash	malicious	Unknown	Browse	151.101.2.137
	https://www.bing.com/ck/a?!&&p=24da94b1cbc4e30be5abd9acb5737b3bdb775a56c39aac0141dd9c17c937dea1JmltdHM9MTczMzI3MDQwMA&ptn=3&ver=2&hsh=4&fclid=1bf8b81c-3b95-652f-24ec-ad573a81643b&u=a1aHR0cHM6Ly93d3cueXV4aW5na2V0YW5nLmNvbS9jb2xsZWN0aW9ucy90aHJvdy1ibGFua2V0cw#aHR0cHM6Ly9Uby5lZW1qaGl1bHoucnUvek83UkZORy8=	Get hash	malicious	Unknown	Browse	151.101.194.137
	vRecord__0064secs__warriorsheart.com.html	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://fm.blebsions.com/R7tS/	Get hash	malicious	Unknown	Browse	151.101.194.137
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Xmrig	Browse	185.199.111.133
	https://www.asda.com@hnvs.xyz/asda-christmas-prizes	Get hash	malicious	Unknown	Browse	199.232.196.193
	https://vCyA.warmickmak.ru/PrEvJj/	Get hash	malicious	Unknown	Browse	151.101.66.137
CWVodafoneGroupPLCEU	la.bot.m68k.elf	Get hash	malicious	Mirai	Browse	217.135.227.46
	jew.sh4.elf	Get hash	malicious	Unknown	Browse	62.208.195.84
	https://dot.itsecuritymessages.com/45sf4657dvz4hn/afc6c7/00179cbf-581d-4c00-98d3-bf1104b204ad	Get hash	malicious	Unknown	Browse	2.16.149.71
	Tbconsulting Company Guidelines Employee Handbook.docx	Get hash	malicious	Unknown	Browse	92.122.101.59
	mips.elf	Get hash	malicious	Unknown	Browse	159.197.33.131
	ppc.elf	Get hash	malicious	Unknown	Browse	62.208.171.35
	IGz.mips.elf	Get hash	malicious	Mirai	Browse	195.44.6.179
	arm5.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	141.1.87.10
	mipsel.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	194.177.185.230
	sh4.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	217.135.102.136

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
5c118da645babe52f060d0754256a73c	https://ivsmn.kidsavancados.com/	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.67.6
	18037.doc	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.67.6
	https://docs.google.com/presentation/d/e/2PACX-1vTBMx4bSFDj_B_GCJTdTqUpVgpLXyQPR3uFGYP9j81KKHswOSbzMWDM5ZByYtVAwpACe-iOzHmzehje/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.67.6
	Telegram	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.67.6
	https://fastbposolutions.com/language/overrides/message.alibaba.com/login.alibaba-com/saexy7ktc4fw1k7zk9xpnx19.php	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.67.6
	http://eocf.jyjwohl.ru/KIOJOJMAIEJFLVSF280212193270471103367JIGUHOIIAX4RQ0SVD?beunjabnkfaakr796013636449016227029WA5LIQI5PMNQO0EETOR	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.67.6
	https://commandes.maisonetstyles.com/Short/?Verification=aalborz_02@yahoo.com	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.67.6
	aJU0obOiEe	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.67.6
	V6QED2Q1WBYVOPE	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.67.6
	V6QED2Q1WBYVOPE	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.67.6

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS\|DYLDLINK\|TWOLEVEL\|PIE>
Entropy (8bit):	6.229387812290317
TrID:	Mac OS X Mach-O 64-bit Intel executable (4008/2) 50.02% Mac OS X Mach-O 64-bit executable (little-endian) (4004/1) 49.98%
File name:	CGESrv
File size:	6'749'072 bytes
MD5:	f0d721e663f6e3a2fafd2a27ef95cee0
SHA1:	1ddefc194d322e23e480f6143b958dffe6bae21f
SHA256:	c8df7fb1bed859df3932704053bf581482b33bed6effc5ef1f2a2efebdfd2396
SHA512:	b98b9aa717a33b7967f3c7762543bb2c8ffe54811a8c18c8cec7cda9892aabc3d81405f059fa5008921a2575e290b7cab950c7966864f78e4656d340b3abf53d
SSDEEP:	98304:LuZodBjNDcDii+1u+meFcEh7JnQ0pfxrRIM:akC2i+qcVRrV
TLSH:	DA662A47EC9505F5C0AE923089B692537AB17C484B3127D36B90F7383F76BD0AAB9B50
File Content Preview:	.......................... .........H...__PAGEZERO..........................................................(...__TEXT....................9...............9.....................__text..........__TEXT..................%.0....................................

Static Mach Info

General Information for header 1
Endian:	little-endian
Size:	64-bit
Architecture:	x86_64
Filetype:	execute
Nbr. of load commands:	20
Entry point:	0x100071D20

segment_64 load command - aggregated: 5

Name	Value
segname	__PAGEZERO
vmaddr	0x0
vmsize	0x100000000
fileoff	0x0
filesize	0x0
maxprot	0x0
initprot	0x0
nsects	0
flags	0x0

Name

Value

segname

__TEXT

vmaddr

0x100000000

vmsize

0x39E000

fileoff

0x0

filesize

0x39E000

maxprot

0x5

initprot

0x5

nsects

flags

0x0

Datas

sectname	segname	addr	size	offset	entropy	align	reloff	nreloc	flags
__text	__TEXT	0x100001400	0x308B25	0x1400	6.19407105	5	0x0	0	0x80000400
__stubs	__TEXT	0x100309F25	0x32A	0x309F25	3.80238069	0	0x0	0	0x80000400
__rodata	__TEXT	0x10030A260	0x93C25	0x30A260	5.31659125	5	0x0	0	0x0
__cstring	__TEXT	0x10039DE85	0x9A	0x39DE85	4.53004892	0	0x0	0	0x0
__const	__TEXT	0x10039DF20	0x8	0x39DF20	-0.00000000	3	0x0	0	0x0
__unwind_info	__TEXT	0x10039DF28	0xC8	0x39DF28	3.71350397	2	0x0	0	0x0

Name

Value

segname

__DATA_CONST

vmaddr

0x10039E000

vmsize

0x28A000

fileoff

0x39E000

filesize

0x28A000

maxprot

0x3

initprot

0x3

nsects

flags

0x10

Datas

sectname	segname	addr	size	offset	entropy	align	reloff	nreloc	flags
__got	__DATA_CONST	0x10039E000	0x440	0x39E000	2.40693013	3	0x0	0	0x0
__rodata	__DATA_CONST	0x10039E440	0xAC9C0	0x39E440	4.33113976	5	0x0	0	0x0
__typelink	__DATA_CONST	0x10044AE00	0x1F3C	0x44AE00	5.10923581	5	0x0	0	0x0
__itablink	__DATA_CONST	0x10044CD40	0xCE8	0x44CD40	3.34611458	5	0x0	0	0x0
__gopclntab	__DATA_CONST	0x10044DA40	0x1D97B0	0x44DA40	6.06551709	5	0x0	0	0x0

Name

Value

segname

__DATA

vmaddr

0x100628000

vmsize

0x6A000

fileoff

0x628000

filesize

0x42000

maxprot

0x3

initprot

0x3

nsects

flags

0x0

Datas

sectname	segname	addr	size	offset	entropy	align	reloff	nreloc	flags
__data	__DATA	0x100628000	0xFD20	0x628000	2.07285191	5	0x0	0	0x0
__go_buildinfo	__DATA	0x100637D20	0x400	0x637D20	5.89733463	4	0x0	0	0x0
__noptrdata	__DATA	0x100638120	0x310E2	0x638120	6.01151800	5	0x0	0	0x0
__bss	__DATA	0x100669220	0x228A0	0x0	0.00000000	5	0x0	0	0x0
__noptrbss	__DATA	0x10068BAC0	0x6140	0x0	0.00000000	5	0x0	0	0x0
__common	__DATA	0x100691C00	0x10	0x0	0.00000000	3	0x0	0	0x0

Name	Value
segname	__LINKEDIT
vmaddr	0x100692000
vmsize	0x6000
fileoff	0x66A000
filesize	0x5B90
maxprot	0x1
initprot	0x1
nsects	0
flags	0x0

dyld_chained_fixups load command - aggregated: 1

Name	Value
dataoff	6725632
datasize	2960

dyld_exports_trie load command - aggregated: 1

Name	Value
dataoff	6728592
datasize	1040

symtab load command - aggregated: 1

Name	Value
symoff	6742128
nsyms	178
stroff	6746064
strsize	3008

dysymtab load command - aggregated: 1

Name	Value
ilocalsym	0
nlocalsym	0
iextdefsym	0
nextdefsym	41
iundefsym	41
nundefsym	137
tocoff	0
ntoc	0
modtaboff	0
nmodtab	0
extrefsymoff	0
nextrefsyms	0
indirectsymoff	6744976
nindirectsyms	271
extreloff	0
nextrel	0
locreloff	0
nlocrel	0

load_dylinker load command - aggregated: 1

Name	Value

uuid load command - aggregated: 1

Name	Value
uuid	968fbc8d-8c6d-fd8c-f2f2-7e94f37e13dc

build_version load command - aggregated: 1

Name	Value

source_version load command - aggregated: 1

Name	Value
path	0.0.0.0.0

main load command - aggregated: 1

Name	Value

load_dylib load command - aggregated: 4

Name

Value

compatibility_version

1.0.0

current_version

1.0.0

timestamp

1970-01-01

Datas

/usr/lib/libresolv.9.dylib

Name

Value

compatibility_version

1.0.0

current_version

1345.100.2

timestamp

1970-01-01

Datas

/usr/lib/libSystem.B.dylib

Name

Value

compatibility_version

150.0.0

current_version

2420.0.0

timestamp

1970-01-01

Datas

/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation

Name

Value

compatibility_version

1.0.0

current_version

61123.100.169

timestamp

1970-01-01

Datas

/System/Library/Frameworks/Security.framework/Versions/A/Security

function_starts load command - aggregated: 1

Name	Value
dataoff	6729632
datasize	12496

data_in_code load command - aggregated: 1

Name	Value
dataoff	6742128
datasize	0

Symbols

Name	Category	Origin	Segment Name	Bind Address	Library Name
__cgo_534629aae644_C2func_proc_pidinfo	EXTERNAL	LC_SYMTAB
__cgo_534629aae644_C2func_proc_pidpath	EXTERNAL	LC_SYMTAB
__cgo_534629aae644_C2func_sysctl	EXTERNAL	LC_SYMTAB
__cgo_534629aae644_Cfunc__Cmalloc	EXTERNAL	LC_SYMTAB
__cgo_534629aae644_Cfunc_free	EXTERNAL	LC_SYMTAB
__cgo_534629aae644_Cfunc_mach_timebase_info	EXTERNAL	LC_SYMTAB
__cgo_534629aae644_Cfunc_memcpy	EXTERNAL	LC_SYMTAB
__cgo_534629aae644_Cfunc_proc_pidinfo	EXTERNAL	LC_SYMTAB
__cgo_534629aae644_Cfunc_proc_pidpath	EXTERNAL	LC_SYMTAB
__cgo_534629aae644_Cfunc_sysctl	EXTERNAL	LC_SYMTAB
__cgo_534629aae644_Cmacro_NULL	EXTERNAL	LC_SYMTAB
__cgo_60d741e58028_Cfunc_host_processor_info	EXTERNAL	LC_SYMTAB
__cgo_60d741e58028_Cfunc_host_statistics	EXTERNAL	LC_SYMTAB
__cgo_60d741e58028_Cfunc_mach_host_self	EXTERNAL	LC_SYMTAB
__cgo_60d741e58028_Cfunc_vm_deallocate	EXTERNAL	LC_SYMTAB
__cgo_f12645b68d2f_Cfunc_host_statistics	EXTERNAL	LC_SYMTAB
__cgo_f12645b68d2f_Cfunc_mach_host_self	EXTERNAL	LC_SYMTAB
__cgo_get_context_function	EXTERNAL	LC_SYMTAB
__cgo_panic	EXTERNAL	LC_SYMTAB
__cgo_release_context	EXTERNAL	LC_SYMTAB
__cgo_set_stacklo	EXTERNAL	LC_SYMTAB
__cgo_sys_thread_start	EXTERNAL	LC_SYMTAB
__cgo_topofstack	EXTERNAL	LC_SYMTAB
__cgo_try_pthread_create	EXTERNAL	LC_SYMTAB
__cgo_wait_runtime_init_done	EXTERNAL	LC_SYMTAB
__cgo_yield	EXTERNAL	LC_SYMTAB
__mh_execute_header	EXTERNAL	LC_SYMTAB
_crosscall1	EXTERNAL	LC_SYMTAB
_crosscall2	EXTERNAL	LC_SYMTAB
_x_cgo_bindm	EXTERNAL	LC_SYMTAB
_x_cgo_callers	EXTERNAL	LC_SYMTAB
_x_cgo_getstackbound	EXTERNAL	LC_SYMTAB
_x_cgo_init	EXTERNAL	LC_SYMTAB
_x_cgo_notify_runtime_init_done	EXTERNAL	LC_SYMTAB
_x_cgo_pthread_key_created	EXTERNAL	LC_SYMTAB
_x_cgo_set_context_function	EXTERNAL	LC_SYMTAB
_x_cgo_setenv	EXTERNAL	LC_SYMTAB
_x_cgo_sys_thread_create	EXTERNAL	LC_SYMTAB
_x_cgo_thread_start	EXTERNAL	LC_SYMTAB
_x_cgo_unsetenv	EXTERNAL	LC_SYMTAB
_x_crosscall2_ptr	EXTERNAL	LC_SYMTAB
_CFArrayAppendValue	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFArrayCreateMutable	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFArrayGetCount	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFArrayGetValueAtIndex	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFDataCreate	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFDataGetBytePtr	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFDataGetLength	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFDateCreate	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFErrorCopyDescription	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFErrorGetCode	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFRelease	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFStringCreateExternalRepresentation	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFStringCreateWithBytes	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_SecCertificateCopyData	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/Security.framework/Versions/A/Security
_SecCertificateCreateWithData	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/Security.framework/Versions/A/Security
_SecPolicyCreateSSL	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/Security.framework/Versions/A/Security
_SecTrustCreateWithCertificates	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/Security.framework/Versions/A/Security
_SecTrustEvaluateWithError	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/Security.framework/Versions/A/Security
_SecTrustGetCertificateAtIndex	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/Security.framework/Versions/A/Security
_SecTrustGetCertificateCount	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/Security.framework/Versions/A/Security
_SecTrustSetVerifyDate	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/System/Library/Frameworks/Security.framework/Versions/A/Security
___error	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
___stderrp	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_abort	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_accept	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_arc4random_buf	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_bind	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_chdir	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_chmod	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_chroot	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_clock_gettime	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_close	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_closedir	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_connect	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_dup	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_dup2	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_execve	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_exit	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_faccessat	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_fcntl	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_fdopendir$INODE64	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_fork	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_fprintf	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_free	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_freeaddrinfo	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_fstat64	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_fwrite	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_gai_strerror	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_getaddrinfo	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_getcwd	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_getpeername	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_getpid	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_getpwuid_r	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_getrlimit	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_getsockname	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_getsockopt	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_getuid	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_host_processor_info	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_host_statistics	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_ioctl	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_issetugid	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_kevent	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_kill	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_kqueue	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_listen	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_lseek	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_lstat64	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_mach_absolute_time	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_mach_host_self	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_mach_task_self_	UNDEFINED	LC_SYMTAB	__DATA	0x0	/usr/lib/libSystem.B.dylib
_mach_timebase_info	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_madvise	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_malloc	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_memcpy	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_mkdir	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_mmap	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_munmap	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_nanosleep	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_notify_is_valid_token	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_open	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_openat	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pathconf	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pipe	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_proc_pidinfo	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_proc_pidpath	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_attr_getstacksize	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_attr_init	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_attr_setdetachstate	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_attr_setstacksize	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_cond_broadcast	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_cond_init	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_cond_signal	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_cond_timedwait_relative_np	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_cond_wait	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_create	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_detach	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_get_stackaddr_np	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_get_stacksize_np	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_key_create	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_kill	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_mutex_init	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_mutex_lock	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_mutex_unlock	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_self	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_setspecific	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_pthread_sigmask	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_ptrace	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_raise	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_read	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_readdir_r$INODE64	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_readlink	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_rename	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_rmdir	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_sendfile	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_setenv	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_setgid	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_setgroups	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_setpgid	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_setrlimit	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_setsid	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_setsockopt	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_setuid	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_sigaction	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_sigaltstack	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_socket	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_stat64	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_strerror	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_sysconf	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_sysctl	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_unlink	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_unlinkat	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_unsetenv	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_usleep	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_vm_deallocate	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_wait4	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_write	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib
_xpc_date_create_from_current	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x0	/usr/lib/libSystem.B.dylib

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 19, 2024 08:06:20.997916937 CET	49385	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:20.998023987 CET	443	49385	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:20.998807907 CET	49385	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.000790119 CET	49385	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.000842094 CET	443	49385	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:21.315428019 CET	443	49385	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:21.316226006 CET	49385	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.316282988 CET	49385	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.354821920 CET	49385	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.354993105 CET	443	49385	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:21.355397940 CET	443	49385	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:21.355575085 CET	49385	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.355799913 CET	49385	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.422017097 CET	49386	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.422116041 CET	443	49386	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:21.423284054 CET	49386	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.425472021 CET	49386	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.425523043 CET	443	49386	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:21.707232952 CET	443	49386	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:21.708316088 CET	49386	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.708364964 CET	49386	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.718014956 CET	49386	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.718173027 CET	443	49386	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:21.718554974 CET	443	49386	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:21.718735933 CET	49386	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:21.719052076 CET	49386	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:22.830037117 CET	49390	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:22.830112934 CET	443	49390	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:22.830821037 CET	49390	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:22.834862947 CET	49390	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:22.834873915 CET	443	49390	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:23.117227077 CET	443	49390	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:23.117973089 CET	49390	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:23.118204117 CET	49390	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:23.133644104 CET	49390	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:23.133819103 CET	443	49390	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:23.134253025 CET	443	49390	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:23.135420084 CET	49390	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:23.135540009 CET	49390	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:28.993196011 CET	49391	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:28.993283033 CET	443	49391	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:28.994098902 CET	49391	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:28.994853973 CET	49391	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:28.994906902 CET	443	49391	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.279747963 CET	443	49391	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.281397104 CET	49391	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.281452894 CET	49391	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.287825108 CET	49391	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.288006067 CET	443	49391	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.288434982 CET	443	49391	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.288618088 CET	49391	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.288875103 CET	49391	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.299840927 CET	49392	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.299928904 CET	443	49392	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.300501108 CET	49392	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.301266909 CET	49392	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.301318884 CET	443	49392	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.597167969 CET	443	49392	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.599245071 CET	49392	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.599419117 CET	49392	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.607008934 CET	49392	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.607175112 CET	443	49392	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.607573986 CET	443	49392	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.607742071 CET	49392	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.608072042 CET	49392	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.667800903 CET	49393	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.667891026 CET	443	49393	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.668535948 CET	49393	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.669548988 CET	49393	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.669612885 CET	443	49393	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.955296993 CET	443	49393	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.956110001 CET	49393	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.956276894 CET	49393	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.963466883 CET	49393	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.963634968 CET	443	49393	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.964037895 CET	443	49393	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.964160919 CET	49393	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.964451075 CET	49393	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.985193968 CET	49394	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.985271931 CET	443	49394	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:29.986042976 CET	49394	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.986882925 CET	49394	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:29.986936092 CET	443	49394	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:30.268908978 CET	443	49394	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:30.269790888 CET	49394	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:30.269834042 CET	49394	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:30.281749964 CET	49394	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:30.281872988 CET	443	49394	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:30.282120943 CET	443	49394	151.101.131.6	192.168.11.12
Dec 19, 2024 08:06:30.282931089 CET	49394	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:30.282953978 CET	49394	443	192.168.11.12	151.101.131.6
Dec 19, 2024 08:06:44.628504992 CET	49344	80	192.168.11.12	23.202.144.197
Dec 19, 2024 08:06:44.757900953 CET	80	49344	23.202.144.197	192.168.11.12
Dec 19, 2024 08:06:44.758729935 CET	49344	80	192.168.11.12	23.202.144.197
Dec 19, 2024 08:06:49.874990940 CET	49354	443	192.168.11.12	23.207.53.102
Dec 19, 2024 08:06:49.876297951 CET	49354	443	192.168.11.12	23.207.53.102
Dec 19, 2024 08:06:50.016730070 CET	443	49354	23.207.53.102	192.168.11.12
Dec 19, 2024 08:06:50.016941071 CET	443	49354	23.207.53.102	192.168.11.12
Dec 19, 2024 08:06:50.016984940 CET	443	49354	23.207.53.102	192.168.11.12
Dec 19, 2024 08:06:50.017776966 CET	49354	443	192.168.11.12	23.207.53.102
Dec 19, 2024 08:06:50.017973900 CET	49354	443	192.168.11.12	23.207.53.102
Dec 19, 2024 08:06:50.017973900 CET	49354	443	192.168.11.12	23.207.53.102
Dec 19, 2024 08:07:58.566495895 CET	49395	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:58.566531897 CET	443	49395	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:58.567034960 CET	49395	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:58.567992926 CET	49395	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:58.568011999 CET	443	49395	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:58.843100071 CET	443	49395	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:58.843810081 CET	49395	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:58.843964100 CET	49395	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:58.849710941 CET	49395	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:58.849781990 CET	443	49395	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:58.849865913 CET	443	49395	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:58.850528955 CET	49395	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:58.850756884 CET	49395	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:58.864604950 CET	49396	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:58.864624023 CET	443	49396	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:58.865555048 CET	49396	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:58.866343975 CET	49396	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:58.866357088 CET	443	49396	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.154294968 CET	443	49396	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.155057907 CET	49396	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.155077934 CET	49396	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.161269903 CET	49396	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.161324978 CET	443	49396	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.161453962 CET	443	49396	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.162090063 CET	49396	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.162113905 CET	49396	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.183398962 CET	49397	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.183451891 CET	443	49397	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.184097052 CET	49397	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.185116053 CET	49397	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.185136080 CET	443	49397	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.472023010 CET	443	49397	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.472819090 CET	49397	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.472839117 CET	49397	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.478988886 CET	49397	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.479067087 CET	443	49397	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.479192972 CET	443	49397	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.479682922 CET	49397	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.479707003 CET	49397	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.493978024 CET	49398	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.494030952 CET	443	49398	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.494909048 CET	49398	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.495872021 CET	49398	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.495892048 CET	443	49398	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.773248911 CET	443	49398	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.775015116 CET	49398	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.775074959 CET	49398	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.781639099 CET	49398	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.781711102 CET	443	49398	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.781840086 CET	443	49398	151.101.67.6	192.168.11.12
Dec 19, 2024 08:07:59.782326937 CET	49398	443	192.168.11.12	151.101.67.6
Dec 19, 2024 08:07:59.782407999 CET	49398	443	192.168.11.12	151.101.67.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 19, 2024 08:06:08.156459093 CET	53	52458	1.1.1.1	192.168.11.12
Dec 19, 2024 08:07:58.422508001 CET	62104	53	192.168.11.12	1.1.1.1
Dec 19, 2024 08:07:58.563860893 CET	53	62104	1.1.1.1	192.168.11.12

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 19, 2024 08:06:13.677428007 CET	192.168.11.12	1.1.1.1	fc1f	(Port unreachable)	Destination Unreachable
Dec 19, 2024 08:06:13.677489996 CET	192.168.11.12	1.1.1.1	fc1f	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 19, 2024 08:07:58.422508001 CET	192.168.11.12	1.1.1.1	0xfc67	Standard query (0)	h3.apis.apple.map.fastly.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 19, 2024 08:07:58.563860893 CET	1.1.1.1	192.168.11.12	0xfc67	No error (0)	h3.apis.apple.map.fastly.net	151.101.3.6	A (IP address)	IN (0x0001)	false
Dec 19, 2024 08:07:58.563860893 CET	1.1.1.1	192.168.11.12	0xfc67	No error (0)	h3.apis.apple.map.fastly.net	151.101.67.6	A (IP address)	IN (0x0001)	false
Dec 19, 2024 08:07:58.563860893 CET	1.1.1.1	192.168.11.12	0xfc67	No error (0)	h3.apis.apple.map.fastly.net	151.101.131.6	A (IP address)	IN (0x0001)	false
Dec 19, 2024 08:07:58.563860893 CET	1.1.1.1	192.168.11.12	0xfc67	No error (0)	h3.apis.apple.map.fastly.net	151.101.195.6	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: mono-sgen32 PID: 620, Parent PID: 537

General

Start time (UTC):	07:05:58
Start date (UTC):	19/12/2024
Path:	/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
Arguments:	-
File size:	3722408 bytes
MD5 hash:	8910349f44a940d8d79318367855b236

Chronological Activities

Analysis Process: CGESrv PID: 620, Parent PID: 537

General

Start time (UTC):	07:05:58
Start date (UTC):	19/12/2024
Path:	/Users/bernard/Desktop/CGESrv
Arguments:	/Users/bernard/Desktop/CGESrv
File size:	6749072 bytes
MD5 hash:	f0d721e663f6e3a2fafd2a27ef95cee0

Chronological Activities

Analysis Process: xpcproxy PID: 640, Parent PID: 1

General

Start time (UTC):	07:06:28
Start date (UTC):	19/12/2024
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

Chronological Activities

Analysis Process: eficheck PID: 640, Parent PID: 1

General

Start time (UTC):	07:06:28
Start date (UTC):	19/12/2024
Path:	/usr/libexec/firmwarecheckers/eficheck/eficheck
Arguments:	/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon
File size:	74048 bytes
MD5 hash:	328beb81a2263449258057506bb4987f

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

macOS Analysis Report CGESrv

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

E-Banking Fraud

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static Mach Info

General Information for header 1

Symbols

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: mono-sgen32 PID: 620, Parent PID: 537

General

Chronological Activities

Analysis Process: CGESrv PID: 620, Parent PID: 537

General

Chronological Activities

Analysis Process: xpcproxy PID: 640, Parent PID: 1

General

Chronological Activities

Analysis Process: eficheck PID: 640, Parent PID: 1

General

Chronological Activities

macOS Analysis Report
CGESrv