Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

EasyFind.app.zip

Zip archive data, at least v2.0 to extract, compression method=store

initial sample

Details

Filetype:	Zip archive data, at least v2.0 to extract, compression method=store
Entropy:	7.994765044099031
Filename:	EasyFind.app.zip
Filesize:	5056310
MD5:	91ce8e492999bfa0cf4a95e2aa505b73
SHA1:	b9f8f97267def20bf488fee9b59fd6a3fbf158d0
SHA256:	1539a562539e3b3a243da864fddee0351a4c7d109aa9dcae436775ecbb288fc9
SHA512:	41c50e8eb7a421942519634e8f8be2199f53159bd411ec7159994b7988e1e18a49691f31f28f091b58ef69acea152f5a8e7ea40931a2871aafd274c1eaff32de
SSDEEP:	98304:o5JlRdBNny307pUJVaT4c31wJuSmZpvnPTQwImARtzMv4yZmv3:UJllMopU/ceuVNINtzMvpZO
Preview:	PK........,u.S.............. .EasyFind.app/UT......a...a...aux.............PK.........y.S.............. .EasyFind.app/Contents/UT...\..a]..a...aux.............PK.........y.S............#. .EasyFind.app/Contents/CodeResourcesUT...\..a]..a...aux............

/dev/null

Unicode text, UTF-8 text

dropped

Details

File:	/dev/null
Category:	dropped
Dump:	null.264.dr
ID:	dr_0
Target ID:	264
Process:	/Users/bernard/Desktop/unpack/EasyFind.app/Contents/MacOS/EasyFind
Type:	Unicode text, UTF-8 text
Entropy:	5.31059279200165
Encrypted:	false
Ssdeep:	6:nqu2kIbKR3mquSVCCIbKR/FQKDih6w5KPyvtxquSVIiqIbKRfHmKcegh2MvgnL/o:qLk9RpdcC9R5istavtcdm9RfGKXggAgc
Size:	359
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/usr/libexec/xpcproxy

/usr/libexec/nsurlstoraged

/usr/libexec/nsurlstoraged --privileged

/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32

/usr/bin/open

/usr/bin/open -b com.apple.Finder /Users/bernard/Desktop/unpack

/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32

/usr/bin/open

/usr/bin/open /Users/bernard/Desktop/unpack/EasyFind.app

/usr/libexec/xpcproxy

/Users/bernard/Desktop/unpack/EasyFind.app/Contents/MacOS/EasyFind

/usr/libexec/xpcproxy

/usr/libexec/firmwarecheckers/eficheck/eficheck

/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon

URLs

Name

Malicious

https://www.devontechnologies.com/https://www.devontechnologies.com/support/https://forum.devontechn

unknown

https://forum.devontechnologies.com/

unknown

https://www.devontechnologies.com/

unknown

https://www.devontechnologies.com/Updates.plist?product=%

unknown

https://www.devontechnologies.com/support/

unknown

https://cdn.jsdelivr.net/npm/mathjax

unknown

https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js

unknown

https://www.devontechnologies.com/download/

unknown

http://tm.wc.ask.com/

unknown

http://tmsyn.wc.ask.com/

unknown

http://web.ask.com/redir?

unknown

There are 1 hidden URLs, click here to show them.

Domains

Name

Malicious

appledownload.map.fastly.net

151.101.195.8

h3.apis.apple.map.fastly.net

151.101.3.6

Details

Name:	h3.apis.apple.map.fastly.net
IP:	151.101.3.6
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

23.48.144.29

unknown

United States

Details

IP:	23.48.144.29
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	20940
ASN name:	AKAMAI-ASN1EU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

151.101.3.6

h3.apis.apple.map.fastly.net

United States

Details

IP:	151.101.3.6
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false
Domain:	h3.apis.apple.map.fastly.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

151.101.195.8

appledownload.map.fastly.net

United States

Details

IP:	151.101.195.8
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false
Domain:	appledownload.map.fastly.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

151.101.195.6

unknown

United States

Details

IP:	151.101.195.6
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

172.64.149.23

unknown

United States

Details

IP:	172.64.149.23
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
EasyFind.app.zip

Files

Processes

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportEasyFind.app.zip

Files

Processes

URLs

Domains

IPs

IOC Report
EasyFind.app.zip