macOS Analysis Report
iStatMenus7.02.3.zip

Overview

General Information

Sample name: iStatMenus7.02.3.zip
Analysis ID: 1531695
MD5: ab55f71282e684320e6e651a08171efa
SHA1: adfc1c7ea38f6a7b358deb6b1708ce484d01b688
SHA256: b2a412318218c5635bb4f4dfbe64dbc4697fbbcc1744a5354d35b6890e7940e4

Detection

Score: 2
Range: 0 - 100
Whitelisted: false

Signatures

App bundle contains hidden files/directories
Contains symbols with suspicious names likely related to encryption
Contains symbols with suspicious names likely related to networking
Contains symbols with suspicious names likely related to well-known browsers

Classification

Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _$s9CryptoKit4P521O7SigningO9PublicKeyVMa
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _$s9CryptoKit4P521O7SigningO9PublicKeyV17pemRepresentationAGSS_tKcfC
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _$s9CryptoKit4P521O7SigningO9PublicKeyVMn
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _$s9CryptoKit4P521O7SigningO14ECDSASignatureVMa
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _$s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _$s9CryptoKit4P521O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xt10Foundation12DataProtocolRzlF
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _$s9CryptoKit4P521O7SigningO14ECDSASignatureVMn
Source: unknown HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49385 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49387 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49391 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49392 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49397 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49398 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49402 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49410 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49411 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49412 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49413 version: TLS 1.2
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _BBRSettingsImport
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _SecItemImport
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _setsockopt
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _socket
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _CFSocketConnectToAddress
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _CFSocketCreateWithNative
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _CFSocketCreateRunLoopSource
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _CFSocketIsValid
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _CFSocketInvalidate
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _CFSocketSendData
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _OBJC_CLASS_$_BBRNetworkMenuPingSection
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _OBJC_CLASS_$_BBRNetworkUtilitiesPing
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _OBJC_CLASS_$_NSXPCConnection
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: _OBJC_CLASS_$_PSWebSocket
Source: unknown TCP traffic detected without corresponding DNS query: 17.248.199.65
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.101.13
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: h3.apis.apple.map.fastly.net
Source: CodeResources String found in binary or memory: http://crl.apple.com/applerootcag3.crl0
Source: iStat Menus String found in binary or memory: http://crl.apple.com/root.crl0
Source: iStat Menus String found in binary or memory: http://crl.apple.com/timestamp.crl0
Source: CodeResources String found in binary or memory: http://ocsp.apple.com/ocsp03-applerootcag307
Source: CodeResources String found in binary or memory: http://ocsp.apple.com/ocsp03-asica4020
Source: iStat Menus String found in binary or memory: http://ocsp.apple.com/ocsp03-devid060
Source: Info.plist, iStat Menus, CodeResources String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: iStat Menus String found in binary or memory: http://www.apple.com/appleca0
Source: iStat Menus String found in binary or memory: http://www.apple.com/certificateauthority/0
Source: iStat Menus String found in binary or memory: https://bjango.com/
Source: iStat Menus String found in binary or memory: https://bjango.com/contact/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/combined/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/cpugpu/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/disks/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/fans/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/global/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/hiddenitems/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/licenseagreement/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/memory/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/network/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/power/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/rules/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/sensors/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/time/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/weather/
Source: iStat Menus String found in binary or memory: https://bjango.com/help/istatmenus7/welcome/
Source: iStat Menus String found in binary or memory: https://bjango.com/mac/istatmenus7/versionhistory/
Source: iStat Menus String found in binary or memory: https://bjango.com/mas/istatmenus7/helper/
Source: iStat Menus String found in binary or memory: https://http://Network.Menubar.Ping.CustomNetwork.Menubar.Ping.Address%li%
Source: iStat Menus String found in binary or memory: https://licensing.istatmenus.app/prices/
Source: iStat Menus String found in binary or memory: https://licensing.istatmenus.app/verify/
Source: iStat Menus String found in binary or memory: https://weather.istatmenus.app/istatmenus/v3/subscription/
Source: iStat Menus String found in binary or memory: https://weather.istatmenus.app/refresh/
Source: iStat Menus String found in binary or memory: https://www.apple.com/appleca/0
Source: unknown Network traffic detected: HTTP traffic on port 49410 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49402
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49347
Source: unknown Network traffic detected: HTTP traffic on port 49397 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49387
Source: unknown Network traffic detected: HTTP traffic on port 49412 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49385
Source: unknown Network traffic detected: HTTP traffic on port 49391 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49411 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49413
Source: unknown Network traffic detected: HTTP traffic on port 49398 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49412
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49411
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49410
Source: unknown Network traffic detected: HTTP traffic on port 49413 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49398
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49397
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49392
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49391
Source: unknown Network traffic detected: HTTP traffic on port 49392 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49387 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49402 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49347 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49385 -> 443
Source: classification engine Classification label: clean2.macZIP@0/0@1/0
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O symbol: __swift_stdlib_operatingSystemVersion
Source: extracted file from ZIP submission CodeResources XML file: iStat Menus.app/Contents/_CodeSignature/CodeResources
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O header: load_dylib -> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O header: load_dylib -> /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
Source: extracted file from submission: iStat Menus.app/Contents/MacOS/iStat Menus Mach-O header: load_dylib -> /System/Library/Frameworks/Security.framework/Versions/A/Security
Source: /usr/libexec/firmwarecheckers/eficheck/eficheck (PID: 648) Random device file read: /dev/random
Source: archive file from ZIP submission Hidden file : __MACOSX/iStat Menus.app/Contents/Resources/._notifications.png
Source: /usr/bin/open (PID: 620) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /usr/bin/open (PID: 630) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist