evilquest | 72bb78f1a4add936fb4a4405e34d0d3be0d2e5911ddac3e90911ec8a8be4334d | Triage

Submit
Reports

Overview

overview

Static

static

2024-03-31...lquest

macos-10.15-amd64

Sharing

General

Target

2024-03-31_6d374189a7280fd999e9bb6b7d0af542_adload_evilquest
Size

182KB
Sample

240331-n34aqaah9z
MD5

6d374189a7280fd999e9bb6b7d0af542
SHA1

5b89c393b2946d0628875ce460754f71101ecb16
SHA256

72bb78f1a4add936fb4a4405e34d0d3be0d2e5911ddac3e90911ec8a8be4334d
SHA512

b8564d1aab6adfa5066f9422b9cebbb732113f4dcd4d0d0fc290581dc07cb9ddeebd651bad2b869919b8af94152bef7bf3cab3469932dfadd28a57bff7f3c120
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9Zd204Gd:5SeOQdaZNxtk8cqhSxvHY9eGd

Score

10^/10

evilquest backdoor execution macos persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-03-31_6d374189a7280fd999e9bb6b7d0af542_adload_evilquest

Resource

macos-20240214-en

evilquest backdoor execution persistence

macos-10.15-amd64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-03-31_6d374189a7280fd999e9bb6b7d0af542_adload_evilquest
- Size
  
  182KB
- MD5
  
  6d374189a7280fd999e9bb6b7d0af542
- SHA1
  
  5b89c393b2946d0628875ce460754f71101ecb16
- SHA256
  
  72bb78f1a4add936fb4a4405e34d0d3be0d2e5911ddac3e90911ec8a8be4334d
- SHA512
  
  b8564d1aab6adfa5066f9422b9cebbb732113f4dcd4d0d0fc290581dc07cb9ddeebd651bad2b869919b8af94152bef7bf3cab3469932dfadd28a57bff7f3c120
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9Zd204Gd:5SeOQdaZNxtk8cqhSxvHY9eGd
Score

10^/10

evilquest backdoor execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorexecutionpersistence

© 2018-2024

Terms | Privacy