evilquest | 90b5a701c41fa4e2ea33a9fbde45ca4c9906c523fa75bae168c6f1c0aad59044 | Triage

Sharing

General

Target

2024-02-15_e9742f14ac3a1b793087bd6ca3f87e16_adload_evilquest
Size

12.2MB
Sample

240215-fh1ebshg22
MD5

e9742f14ac3a1b793087bd6ca3f87e16
SHA1

dc3e4eafa03f1b757a2b106a843e23663513c5d1
SHA256

90b5a701c41fa4e2ea33a9fbde45ca4c9906c523fa75bae168c6f1c0aad59044
SHA512

0260b923049f94e739ba190bb52f9502f7844be6b40a06a60eb818d61c6dcdfa07eed4c1f099ee6a7c8f39bf7f6d0911d8d4ed283fd4c60828095621ffe0163e
SSDEEP

49152:U33dQ33g833dQ33533dQ33g833dQ33h33dQ33g833dQ33533dQ33g833dQ33533I:8dnY

Score

10^/10

evilquest backdoor execution macos persistence

Malware Config

Targets

- Target
  
  2024-02-15_e9742f14ac3a1b793087bd6ca3f87e16_adload_evilquest
- Size
  
  12.2MB
- MD5
  
  e9742f14ac3a1b793087bd6ca3f87e16
- SHA1
  
  dc3e4eafa03f1b757a2b106a843e23663513c5d1
- SHA256
  
  90b5a701c41fa4e2ea33a9fbde45ca4c9906c523fa75bae168c6f1c0aad59044
- SHA512
  
  0260b923049f94e739ba190bb52f9502f7844be6b40a06a60eb818d61c6dcdfa07eed4c1f099ee6a7c8f39bf7f6d0911d8d4ed283fd4c60828095621ffe0163e
- SSDEEP
  
  49152:U33dQ33g833dQ33533dQ33g833dQ33h33dQ33g833dQ33533dQ33g833dQ33533I:8dnY
Score

10^/10

evilquest backdoor execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Daemon
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorexecutionpersistence