evilquest | b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a | Triage

Resubmissions

12-02-2024 18:09

240212-wrhtmsce28 10

12-02-2024 09:43

240212-lpzn9sbh65 10

12-02-2024 09:37

240212-llppwshh61 10

Sharing

General

Target

Mixed In Key 8.dmg
Size

10.4MB
Sample

240212-wrhtmsce28
MD5

58680abd58baca826c2029f32e5b78b3
SHA1

98040c4d358a6fb9fed970df283a9b25f0ab393b
SHA256

b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a
SHA512

be852ea2a0ce7a119392f6f28033dfcec27ac897f3479767287da8e5b2babd2cff95b94c399e64d5f219fbef3508a3a2f2b2f4346e057ddce416353825994d28
SSDEEP

196608:1kBu2wBiw00Bsqbxxf15AS2710A8O2RgXuHueFrs/7M+49/jhHh/:ig2whsQr5ASEcO28enS/7J4tT/

Score

10^/10

evilquest backdoor evasion execution macos persistence

Malware Config

Targets

- Target
  
  Mixed In Key 8.dmg
- Size
  
  10.4MB
- MD5
  
  58680abd58baca826c2029f32e5b78b3
- SHA1
  
  98040c4d358a6fb9fed970df283a9b25f0ab393b
- SHA256
  
  b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a
- SHA512
  
  be852ea2a0ce7a119392f6f28033dfcec27ac897f3479767287da8e5b2babd2cff95b94c399e64d5f219fbef3508a3a2f2b2f4346e057ddce416353825994d28
- SSDEEP
  
  196608:1kBu2wBiw00Bsqbxxf15AS2710A8O2RgXuHueFrs/7M+49/jhHh/:ig2whsQr5ASEcO28enS/7J4tT/
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- File Permission
  evasion
- Launch Daemon
  persistence
behavioral1
- Target
  
  Mixed In Key 8.pkg
- Size
  
  10.0MB
- MD5
  
  66405f4bb6db1136037fde9f43830119
- SHA1
  
  0898cd7a55b55853ce9da0f0f360ec31ecec4974
- SHA256
  
  9e8c30955ccb5797efaab676ffdf36fe08ce32d4aab4d18e1a9ed2be43d5db0f
- SHA512
  
  3c176a83742d35b10645b70db4ed2ff00b888073d0daa73c7a4ce11c88b5b2cda818b9ab1844b35192bbd2436567e186ca200432fe4ef8a377ecf4be49da3da1
- SSDEEP
  
  196608:NkBu2wBiw00Bsqbxxf19Hhx7r0A8JAi2RgXuHueFrs/7M+XvEYBu:Kg2whsQrndWJAi28enS/7JXtBu
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- File Permission
  evasion
- Launch Daemon
  persistence
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

Unix Shell

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Daemon

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorevasionexecutionpersistence

behavioral2

evilquestbackdoorevasionexecutionpersistence