Analysis
-
max time network
152s -
platform
macos_amd64 -
resource
macos -
submitted
01-07-2021 16:34
General
-
Target
cb465e8289ef83a2b4fb29c0e53206fa01fcf92affd643666940a0ca7ee5c6f6
-
Size
15.8MB
-
MD5
0a60f5ae5392114d0f1f16d6c9bc48a0
-
SHA1
fa880f6b62dcab456b8cf329240f9c8793197a5d
-
SHA256
cb465e8289ef83a2b4fb29c0e53206fa01fcf92affd643666940a0ca7ee5c6f6
-
SHA512
65407ad9bdd244f5989035bddcbf23ece3139341d322e13f8b32f36f18188a921aa7e54172f09f75e71b4c9c9f848d9683cc4fe7e752289543dd43c77a602a21
Score
10/10
Malware Config
Signatures
-
EvilQuest
EvilQuest family.
Processes
-
/bin/shsh -c "sudo /Users/run/cb465e8289ef83a2b4fb29c0e53206fa01fcf92affd643666940a0ca7ee5c6f6"1⤵
-
/bin/bashsh -c "sudo /Users/run/cb465e8289ef83a2b4fb29c0e53206fa01fcf92affd643666940a0ca7ee5c6f6"1⤵
-
/usr/bin/sudosudo /Users/run/cb465e8289ef83a2b4fb29c0e53206fa01fcf92affd643666940a0ca7ee5c6f61⤵
-
/Users/run/cb465e8289ef83a2b4fb29c0e53206fa01fcf92affd643666940a0ca7ee5c6f6/Users/run/cb465e8289ef83a2b4fb29c0e53206fa01fcf92affd643666940a0ca7ee5c6f62⤵
-
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\" with administrator privileges"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.security.authtrampoline1⤵
-
/System/Library/Frameworks/Security.framework/authtrampoline/System/Library/Frameworks/Security.framework/authtrampoline1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.questd.plist2⤵
-
-
/bin/launchctllaunchctl start questd2⤵
-
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.questd.plist2⤵
-
-
/bin/launchctllaunchctl start questd2⤵
-
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.questd.plist2⤵
-
-
/bin/launchctllaunchctl start questd2⤵
-
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.questd.plist2⤵
-
-
/bin/launchctllaunchctl start questd2⤵
-