evilquest | 22b3a889cd5dc176a62f69bd68a2db340e19b7675637db62477a1b3899da989d | Triage

Submit
Reports

Overview

overview

Static

static

2024-03-29...lquest

macos-10.15-amd64

Sharing

General

Target

2024-03-29_f495b998d1e8f03b4d4354cd213f0e0a_adload_evilquest
Size

190KB
Sample

240329-1thnwaag5v
MD5

f495b998d1e8f03b4d4354cd213f0e0a
SHA1

8e4cf3aab1cf0c9652e8fa1bf69f86c4a8b4062a
SHA256

22b3a889cd5dc176a62f69bd68a2db340e19b7675637db62477a1b3899da989d
SHA512

a52be2df8b4de794d845f6078db3c0085a0b035e4dc0df186cdb9f9cdd715c77f293f3f180a254a8c11cf4a8c39d7dd8845ef1f2e8e83d5fdd547e2bd375c0a4
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9Zd20p2Dn5km:5SeOQdaZNxtk8cqhSxvHY9T2Dn5km

Score

10^/10

evilquest backdoor evasion execution macos persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-03-29_f495b998d1e8f03b4d4354cd213f0e0a_adload_evilquest

Resource

macos-20240214-en

evilquest backdoor evasion execution persistence

macos-10.15-amd64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-03-29_f495b998d1e8f03b4d4354cd213f0e0a_adload_evilquest
- Size
  
  190KB
- MD5
  
  f495b998d1e8f03b4d4354cd213f0e0a
- SHA1
  
  8e4cf3aab1cf0c9652e8fa1bf69f86c4a8b4062a
- SHA256
  
  22b3a889cd5dc176a62f69bd68a2db340e19b7675637db62477a1b3899da989d
- SHA512
  
  a52be2df8b4de794d845f6078db3c0085a0b035e4dc0df186cdb9f9cdd715c77f293f3f180a254a8c11cf4a8c39d7dd8845ef1f2e8e83d5fdd547e2bd375c0a4
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9Zd20p2Dn5km:5SeOQdaZNxtk8cqhSxvHY9T2Dn5km
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evilquestbackdoorevasionexecutionpersistence

© 2018-2024

Terms | Privacy