I made an analysis for this exact malware, but got as far as making a DRAFT.
But I investigated the "Updater.class" in the spotlight instead, but I also found the "plugin-config.bin" seen by paper.
Shocked to see that this malware from the wild went so far.
https://ljskatt.no/analysis/updater_class/