evilquest | e3ba13836d74b16fc4052bcfcb1708605cc5b61b6bc86a1106df01e97c4e85dc | Triage

Sharing

General

Target

2024-03-08_540b267400c78952363ab1fa00f8caa8_adload_evilquest
Size

389KB
Sample

240308-ptzfvafa78
MD5

540b267400c78952363ab1fa00f8caa8
SHA1

4749f1060f19843781225539919a10e7c7ca3272
SHA256

e3ba13836d74b16fc4052bcfcb1708605cc5b61b6bc86a1106df01e97c4e85dc
SHA512

9c06aac780684ccb671e9cafbd5700df75808849f17d5fd15feb2f751b3ec5ee799839e56bf83ebdc4c5899cfb6ae24ba05487dae54f68ee03b124a44613451f
SSDEEP

6144:5SeOQdaZNxtk8cqhSxvHY9ZuZfCnjCIQwa6QXbYRPuCnfL08Y/ok5XM7mM6QS7Ms:5LOQdaDxq8cqavHYrWIDaJXcl/nfg801

Score

10^/10

evilquest backdoor execution macos persistence

Malware Config

Targets

- Target
  
  2024-03-08_540b267400c78952363ab1fa00f8caa8_adload_evilquest
- Size
  
  389KB
- MD5
  
  540b267400c78952363ab1fa00f8caa8
- SHA1
  
  4749f1060f19843781225539919a10e7c7ca3272
- SHA256
  
  e3ba13836d74b16fc4052bcfcb1708605cc5b61b6bc86a1106df01e97c4e85dc
- SHA512
  
  9c06aac780684ccb671e9cafbd5700df75808849f17d5fd15feb2f751b3ec5ee799839e56bf83ebdc4c5899cfb6ae24ba05487dae54f68ee03b124a44613451f
- SSDEEP
  
  6144:5SeOQdaZNxtk8cqhSxvHY9ZuZfCnjCIQwa6QXbYRPuCnfL08Y/ok5XM7mM6QS7Ms:5LOQdaDxq8cqavHYrWIDaJXcl/nfg801
Score

10^/10

evilquest backdoor execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  persistence
- Launch Daemon
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorexecutionpersistence