Mac Malware, Spoofs App, Steals User Information
Tags
attack-pattern: Data Code Signing - T1553.002 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Code Signing - T1116
Show in Graph
Common Information
Type Value
UUID f3d78c48-ed97-4eda-8ef5-7445408c402a
Fingerprint a7f10d0885371fcf
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 20, 2019, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 12, 2024, 11:51 a.m.
Headline Mac Malware, Spoofs App, Steals User Information
Title Mac Malware, Spoofs App, Steals User Information
Detected Hints/Tags/Attributes 49/1/24
Source URLs
Redirection Url
Details Source https://blog.trendmicro.com/trendlabs-security-intelligence/mac-malware-that-spoofs-trading-app-steals-user-information-uploads-it-to-website/
Details Source https://www.trendmicro.com/en_ca/research/19/i/mac-malware-that-spoofs-trading-app-steals-user-information-uploads-it-to-website.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Details trendmicro.com blog.trendmicro.com
Attributes
Details Type #Events CTI Value
Details Domain 5 
stockfoli.app
Details Domain 3 
appstockfolio.com
Details Domain 2 
gmzera54l5qpa6lm.onion
Details Domain 5 
stockfolio.app
Details Domain 39 
run.sh
Details Domain 33 
ipecho.net
Details Domain 3 
owpqkszz.info
Details Domain 359 
com.apple
Details Domain 49 
trojan.sh
Details File 13 
link.php
Details File 6 
upd.pl
Details File 2 
trial_stockfoli.zip
Details sha256 1 
6fe741ef057d38dd6d9bbe02dacbcb4940dac6c32e0f50a641e73727d6bf60d9
Details sha256 1 
6f48ef0d76ce68bbca53b05d2d22031aec5ce997e7227c3dcb20809959680f11
Details sha256 2 
efd5b96f489f934f2465a185e43fddf50fcde51b12a8fb91d5d93b09a21706c7
Details sha256 1 
18e1db7c37a63d987a5448b4dd25103c8053799b0deea5f45f00ca094afe2fe7
Details sha256 1 
be8b6549da925f285307b17c616a010a9418af70d090ed960ade575ce27c7787
Details sha256 2 
d50f5e94f2c417623c5f573963cc777c0676cc7245d65967ca09a53f464d2b50
Details sha256 2 
83df2f39140679a9cfb55f9c839ff8e7638ba29dba164900f9c77bb177796e03
Details sha256 2 
faa2799751582b8829c61cbfe2cbaf3e792960835884b61046778d17937520f4
Details IPv4 4 
193.37.212.176
Details Url 3 
https://appstockfolio.com/panel/upload.php
Details Url 2 
http://owpqkszz.info
Details Url 2 
http://owpqkszz.info/link.php?{username}&{ip