IOC Report


Files

File Path | Type | Category | Malicious
/Users/berri/Library/Safari/.dat.nosync0226.qLaaaV | Apple binary property list | dropped | clean
/Users/berri/Library/Safari/.dat.nosync0226.rNbQVU | XML 1.0 document, ASCII text | dropped | clean
/Users/berri/Library/WebKit/com.apple.Safari/WebsiteData/ResourceLoadStatistics/full_browsing_session_resourceLog.plist | Apple binary property list | dropped | clean
/dev/null | ASCII text | dropped | clean
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync0226.MzqjWS | Apple binary property list | dropped | clean
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsDirectory.db_ | Mac OS X Keychain File | dropped | clean
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsObject.db_ | Mac OS X Keychain File | dropped | clean
/private/var/log/wifi.log.0.bz2 | bzip2 compressed data, block size = 900k | dropped | clean
/private/var/tmp/NSCreateObjectFileImageFromMemory-8Ux4de | Mach-O 64-bit x86_64 bundle, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL> | dropped | clean
/private/var/tmp/NSCreateObjectFileImageFromMemory-I5RRkf | Mach-O 64-bit x86_64 bundle, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL> | dropped | clean
/private/var/tmp/NSCreateObjectFileImageFromMemory-WLJA5P | Mach-O 64-bit x86_64 bundle, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL> | dropped | clean

Processes

Path | Cmdline | Malicious
/usr/libexec/xpcproxy | n/a | clean
/Applications/Safari.app/Contents/MacOS/Safari | /Applications/Safari.app/Contents/MacOS/Safari | clean
/usr/bin/bzip2 | n/a | clean

URLs

Name | IP | Malicious
https://xyt2i.mjt.lu/lnk/AUsAADzeJ50AAAAIleYAABKYp8QAAAAAd7gAAMIAABga0gBhXLPWvOUjiH6uQUiZaqJkemuK6QAW_mw/1/gS9BhkQtcGsgqjFuAFhUGQ/aHR0cHM6Ly9vdXRib3gtbWVzc2FnZXMudXBkYXRlcmVkaXJlY3Rpbmdsb2dpbi53b3JrZXJzLmRldi8jbGhlbmRyaXhAdHJ1ZWFjY29yZC5jb20#lhendrix@trueaccord.com | | clean
https://outbox-messages.updateredirectinglogin.workers.dev/#lhendrix | unknown | clean

Domains

Name | IP | Malicious
stackpath.bootstrapcdn.com | 104.18.11.207 | clean
gateway.fe.apple-dns.net | 17.248.145.108 | clean
cdn.digicertcdn.com | 104.18.10.39 | clean
www.google.com | 142.250.185.132 | clean
outbox-messages.updateredirectinglogin.workers.dev | 104.21.51.225 | clean
xyt2i.mjt.lu | 35.241.186.140 | clean
www.trueaccord.com | 143.204.98.58 | clean
x1.c.lencr.org | unknown | clean
code.jquery.com | unknown | clean
r3.o.lencr.org | unknown | clean

IPs

IP | Domain | Country | Malicious
104.21.51.225 | outbox-messages.updateredirectinglogin.workers.dev | United States | clean
142.250.185.132 | www.google.com | United States | clean
35.241.186.140 | xyt2i.mjt.lu | United States | clean
104.18.11.207 | stackpath.bootstrapcdn.com | United States | clean
104.90.164.244 | unknown | United States | clean
143.204.98.58 | www.trueaccord.com | United States | clean