macOS Malware Impersonates The Unarchiver App to Steal User Data | Hunt.io
Tags
| country: | Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Keychain - T1634.001 Keychain - T1555.001 Keychain - T1579 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Software - T1592.002 Tool - T1588.002 Keychain - T1142 |
Common Information
| Type | Value |
|---|---|
| UUID | 1228a2bd-a576-4592-a7be-269d21953ade |
| Fingerprint | a4029b1109b38f8f |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 3, 2024, midnight |
| Added to db | Oct. 9, 2024, 8:28 p.m. |
| Last updated | Nov. 19, 2024, 8:52 p.m. |
| Headline | MacOS Malware Impersonates The Unarchiver App to Steal User Data |
| Title | macOS Malware Impersonates The Unarchiver App to Steal User Data | Hunt.io |
| Detected Hints/Tags/Attributes | 41/3/17 |
Source URLs
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | hunt.io | hunt.io |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 57 | hunt.io |
|
| Details | Domain | 1 | tneunarchiver.com |
|
| Details | Domain | 1 | theunarchiver.com |
|
| Details | Domain | 2 | cryptomac.dev |
|
| Details | Domain | 4 | grabber.zip |
|
| Details | Domain | 5 | main.sh |
|
| Details | Domain | 1 | send.sh |
|
| Details | File | 1 | theunarchiver.dmg |
|
| Details | File | 130 | info.pl |
|
| Details | File | 1 | cryptotrade_libs.txt |
|
| Details | File | 3 | grabber.zip |
|
| Details | File | 1 | 'ip.txt |
|
| Details | File | 1212 | index.php |
|
| Details | sha1 | 1 | 4932e7da6b21e1e37c507c42d40951ba53a83cf4 |
|
| Details | IPv4 | 2 | 81.19.137.179 |
|
| Details | Url | 2 | https://cryptomac.dev/download/grabber.zip |
|
| Details | Url | 2 | http://81.19.137.179/api/index.php |