evilquest | 2c4e16d9d3e39534febbf0ff1a6fc5cb2dd09493198e8bcdc8f0c9f2ce4293af | Triage

Sharing

General

Target

2024-03-08_9931cb568c53c2908d6032457efc399f_adload_evilquest
Size

182KB
Sample

240308-py1jpsfc38
MD5

9931cb568c53c2908d6032457efc399f
SHA1

3196e114473f5a515c64451ddfb3b9c099e3b2e2
SHA256

2c4e16d9d3e39534febbf0ff1a6fc5cb2dd09493198e8bcdc8f0c9f2ce4293af
SHA512

39c93f038f34f970b563a1fc1f692c383d22c398fbaf15fb697c802511c18da780e84edd160da43517462042670921dbf6915f05aadf48d14e918e13a9a895a1
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq96KVcZfL0wl9:5SeOQdaZNxtk8cqhSxvHY9ZuZfL7

Score

10^/10

evilquest backdoor execution macos persistence

Malware Config

Targets

- Target
  
  2024-03-08_9931cb568c53c2908d6032457efc399f_adload_evilquest
- Size
  
  182KB
- MD5
  
  9931cb568c53c2908d6032457efc399f
- SHA1
  
  3196e114473f5a515c64451ddfb3b9c099e3b2e2
- SHA256
  
  2c4e16d9d3e39534febbf0ff1a6fc5cb2dd09493198e8bcdc8f0c9f2ce4293af
- SHA512
  
  39c93f038f34f970b563a1fc1f692c383d22c398fbaf15fb697c802511c18da780e84edd160da43517462042670921dbf6915f05aadf48d14e918e13a9a895a1
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq96KVcZfL0wl9:5SeOQdaZNxtk8cqhSxvHY9ZuZfL7
Score

10^/10

evilquest backdoor execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  persistence
- Launch Daemon
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorexecutionpersistence