evilquest | fd6e98b1d42f49670f3a2e2b91fbc69269785b865cb18c833fe078ce9abb7d2b | Triage

Sharing

General

Target

2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest
Size

177KB
Sample

240205-rskbmsbghn
MD5

20bc27c3a1892679f741ac52331a434f
SHA1

cfc8ebe1319e9a021c209d59735d7e45731a2f5b
SHA256

fd6e98b1d42f49670f3a2e2b91fbc69269785b865cb18c833fe078ce9abb7d2b
SHA512

9b87765fbf51affe2663dd0cd1c972cb8bdd5871d82925187b97a961fd6907915484abd8dcba94a4b821c245d6c7831668d51bb7cadf6de3669f3ec5cb9a4a0a
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9F0k:5SeOQdaZNxtk8cqhSxvHY9D

Score

10^/10

evilquest backdoor execution macos persistence

Malware Config

Targets

- Target
  
  2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest
- Size
  
  177KB
- MD5
  
  20bc27c3a1892679f741ac52331a434f
- SHA1
  
  cfc8ebe1319e9a021c209d59735d7e45731a2f5b
- SHA256
  
  fd6e98b1d42f49670f3a2e2b91fbc69269785b865cb18c833fe078ce9abb7d2b
- SHA512
  
  9b87765fbf51affe2663dd0cd1c972cb8bdd5871d82925187b97a961fd6907915484abd8dcba94a4b821c245d6c7831668d51bb7cadf6de3669f3ec5cb9a4a0a
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9F0k:5SeOQdaZNxtk8cqhSxvHY9D
Score

10^/10

evilquest backdoor execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  persistence
- Launch Daemon
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorexecutionpersistence