evilquest | b22dd93184bd9447090a7fb85d7c2010ef30422622c65a1632518b86901091e0 | Triage

Sharing

General

Target

2024-03-04_72a8bd836b4171fbfa3f1ee17e5bd4a2_adload_evilquest
Size

190KB
Sample

240304-pndl7abc77
MD5

72a8bd836b4171fbfa3f1ee17e5bd4a2
SHA1

54a59bb03abf1d7dbd5822bed8e49f440cf6a61d
SHA256

b22dd93184bd9447090a7fb85d7c2010ef30422622c65a1632518b86901091e0
SHA512

ef14fb33974eae129b4da67036434af7065cfdc6f7443ed5972717a3676a818c1c6b38aae3def3a99790170e5b4ec1722b031e5e894a6d4c09090445b3b61f0a
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9py0p2Dn5km:5SeOQdaZNxtk8cqhSxvHY952Dn5km

Score

10^/10

evilquest backdoor execution macos persistence

Malware Config

Targets

- Target
  
  2024-03-04_72a8bd836b4171fbfa3f1ee17e5bd4a2_adload_evilquest
- Size
  
  190KB
- MD5
  
  72a8bd836b4171fbfa3f1ee17e5bd4a2
- SHA1
  
  54a59bb03abf1d7dbd5822bed8e49f440cf6a61d
- SHA256
  
  b22dd93184bd9447090a7fb85d7c2010ef30422622c65a1632518b86901091e0
- SHA512
  
  ef14fb33974eae129b4da67036434af7065cfdc6f7443ed5972717a3676a818c1c6b38aae3def3a99790170e5b4ec1722b031e5e894a6d4c09090445b3b61f0a
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9py0p2Dn5km:5SeOQdaZNxtk8cqhSxvHY952Dn5km
Score

10^/10

evilquest backdoor execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  persistence
- Launch Daemon
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorexecutionpersistence