Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/usr/libexec/xpcproxy

/usr/libexec/nsurlstoraged

/usr/libexec/nsurlstoraged --privileged

/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32

/usr/bin/open

/usr/bin/open -b com.apple.Finder /Users/bernard/Desktop/unpack

/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32

/usr/bin/open

/usr/bin/open /Users/bernard/Desktop/unpack/iStat Menus.app

/usr/libexec/xpcproxy

/usr/libexec/firmwarecheckers/eficheck/eficheck

/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon

URLs

Name

Malicious

https://bjango.com/help/istatmenus7/combined/

unknown

https://bjango.com/help/istatmenus7/global/

unknown

https://bjango.com/help/istatmenus7/rules/

unknown

https://bjango.com/mas/istatmenus7/helper/

unknown

https://bjango.com/help/istatmenus7/network/

unknown

https://bjango.com/help/istatmenus7/hiddenitems/

unknown

https://bjango.com/help/istatmenus7/welcome/

unknown

https://licensing.istatmenus.app/prices/

unknown

https://http://Network.Menubar.Ping.CustomNetwork.Menubar.Ping.Address%li%

unknown

https://weather.istatmenus.app/istatmenus/v3/subscription/

unknown

https://bjango.com/help/istatmenus7/cpugpu/

unknown

https://bjango.com/

unknown

https://bjango.com/help/istatmenus7/time/

unknown

https://bjango.com/help/istatmenus7/weather/

unknown

https://bjango.com/help/istatmenus7/disks/

unknown

https://bjango.com/help/istatmenus7/fans/

unknown

https://bjango.com/help/istatmenus7/licenseagreement/

unknown

https://bjango.com/help/istatmenus7/power/

unknown

https://bjango.com/help/istatmenus7/sensors/

unknown

https://weather.istatmenus.app/refresh/

unknown

https://bjango.com/help/istatmenus7/memory/

unknown

https://bjango.com/contact/

unknown

https://bjango.com/mac/istatmenus7/versionhistory/

unknown

https://licensing.istatmenus.app/verify/

unknown

There are 14 hidden URLs, click here to show them.

Domains

Name

Malicious

h3.apis.apple.map.fastly.net

151.101.67.6

Details

Name:	h3.apis.apple.map.fastly.net
IP:	151.101.67.6
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

104.76.101.13

unknown

United States

Details

IP:	104.76.101.13
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16625
ASN name:	AKAMAI-ASUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

151.101.195.6

unknown

United States

Details

IP:	151.101.195.6
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

151.101.67.6

h3.apis.apple.map.fastly.net

United States

Details

IP:	151.101.67.6
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false
Domain:	h3.apis.apple.map.fastly.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
iStatMenus7.02.3.zip

Processes

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportiStatMenus7.02.3.zip

Processes

URLs

Domains

IPs

IOC Report
iStatMenus7.02.3.zip