evilquest | d4a9afb55a07d94d43d1d887db17f043e038d239f762ae590a2c1ed97200d891 | Triage

Sharing

General

Target

2024-02-15_4e272ae307509135d27776bd4c5b8147_adload_evilquest
Size

10.7MB
Sample

240215-e9d5qshd37
MD5

4e272ae307509135d27776bd4c5b8147
SHA1

c8b7c5e84fd7e05fccb1d9a99b91f27d0c683b23
SHA256

d4a9afb55a07d94d43d1d887db17f043e038d239f762ae590a2c1ed97200d891
SHA512

5878ceac29a06eab180d80af4ba36c07ef761a071f89df5d6caa0c926ed75e67fbe00472c286d4ba487e01b231a693a15786655de615b923aabb535e574e5672
SSDEEP

49152:U33dQ333dQ333dQ333dQ3C33d/33dQ333dQ333dQ333dQ3C33d/33dQ333dQ333q:j

Score

10^/10

evilquest backdoor evasion execution macos persistence

Malware Config

Targets

- Target
  
  2024-02-15_4e272ae307509135d27776bd4c5b8147_adload_evilquest
- Size
  
  10.7MB
- MD5
  
  4e272ae307509135d27776bd4c5b8147
- SHA1
  
  c8b7c5e84fd7e05fccb1d9a99b91f27d0c683b23
- SHA256
  
  d4a9afb55a07d94d43d1d887db17f043e038d239f762ae590a2c1ed97200d891
- SHA512
  
  5878ceac29a06eab180d80af4ba36c07ef761a071f89df5d6caa0c926ed75e67fbe00472c286d4ba487e01b231a693a15786655de615b923aabb535e574e5672
- SSDEEP
  
  49152:U33dQ333dQ333dQ333dQ3C33d/33dQ333dQ333dQ333dQ3C33d/33dQ333dQ333q:j
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Daemon
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Daemon

Defense Evasion

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorevasionexecutionpersistence