Analysis
-
max time network
152s -
platform
macos_amd64 -
resource
macos -
submitted
01-07-2021 16:35
General
-
Target
5a024ffabefa6082031dccdb1e74a7fec9f60f257cd0b1ab0f698ba2a5baca6b
-
Size
85KB
-
MD5
322f4fb8f257a2e651b128c41df92b1d
-
SHA1
efbb681a61967e6f5a811f8649ec26efe16f50ae
-
SHA256
5a024ffabefa6082031dccdb1e74a7fec9f60f257cd0b1ab0f698ba2a5baca6b
-
SHA512
33c8cf815e4b37a3481c0ba4dfb14a4735a46575f6f70d5b351a8595e4ec8886224577c89c80d726f2e3d7cf2460d0cdd983379acb5fda0a9b7310f86c988e53
Score
10/10
Malware Config
Signatures
-
EvilQuest
EvilQuest family.
Processes
-
/bin/shsh -c "sudo /Users/run/5a024ffabefa6082031dccdb1e74a7fec9f60f257cd0b1ab0f698ba2a5baca6b"1⤵
-
/bin/bashsh -c "sudo /Users/run/5a024ffabefa6082031dccdb1e74a7fec9f60f257cd0b1ab0f698ba2a5baca6b"1⤵
-
/usr/bin/sudosudo /Users/run/5a024ffabefa6082031dccdb1e74a7fec9f60f257cd0b1ab0f698ba2a5baca6b1⤵
-
/Users/run/5a024ffabefa6082031dccdb1e74a7fec9f60f257cd0b1ab0f698ba2a5baca6b/Users/run/5a024ffabefa6082031dccdb1e74a7fec9f60f257cd0b1ab0f698ba2a5baca6b2⤵
-
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\" with administrator privileges"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.security.authtrampoline1⤵
-
/System/Library/Frameworks/Security.framework/authtrampoline/System/Library/Frameworks/Security.framework/authtrampoline1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.questd.plist2⤵
-
-
/bin/launchctllaunchctl start questd2⤵
-
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\" with administrator privileges"1⤵
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.questd.plist2⤵
-
-
/bin/launchctllaunchctl start questd2⤵
-
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.questd.plist2⤵
-
-
/bin/launchctllaunchctl start questd2⤵
-
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd"1⤵
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.questd.plist2⤵
-
-
/bin/launchctllaunchctl start questd2⤵
-