evilquest | 9dddb103959085d63823ae4dd1515255873ea44e10d76a401a45bf3251842daf | Triage

Sharing

General

Target

2024-03-04_d0891c4a3c58f4dc8dd56ae37e9b82a5_adload_evilquest
Size

177KB
Sample

240304-prennaac8s
MD5

d0891c4a3c58f4dc8dd56ae37e9b82a5
SHA1

703d0cfc2863a1661f19527d75c8f23b042cf3fd
SHA256

9dddb103959085d63823ae4dd1515255873ea44e10d76a401a45bf3251842daf
SHA512

56ba05fc3dcf57ed1658c10a9f1f3f03402c0b29d62a9b4f3c1c2b7fe32ddb0802d3038974410103a2a7a1fe8e3fb3fa4aa740e7bfbf08d472ed2639b0d23ab8
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9py0k:5SeOQdaZNxtk8cqhSxvHY90

Score

10^/10

evilquest backdoor execution macos persistence

Malware Config

Targets

- Target
  
  2024-03-04_d0891c4a3c58f4dc8dd56ae37e9b82a5_adload_evilquest
- Size
  
  177KB
- MD5
  
  d0891c4a3c58f4dc8dd56ae37e9b82a5
- SHA1
  
  703d0cfc2863a1661f19527d75c8f23b042cf3fd
- SHA256
  
  9dddb103959085d63823ae4dd1515255873ea44e10d76a401a45bf3251842daf
- SHA512
  
  56ba05fc3dcf57ed1658c10a9f1f3f03402c0b29d62a9b4f3c1c2b7fe32ddb0802d3038974410103a2a7a1fe8e3fb3fa4aa740e7bfbf08d472ed2639b0d23ab8
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9py0k:5SeOQdaZNxtk8cqhSxvHY90
Score

10^/10

evilquest backdoor execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  persistence
- Launch Daemon
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorexecutionpersistence