evilquest | a39f80c93b646d9e94ad659142475ff307a4509e6f9d0d67441d188c58c4b14b | Triage

Submit
Reports

Overview

overview

Static

static

2024-03-31...lquest

macos-10.15-amd64

Sharing

General

Target

2024-03-31_204151930f024dbf555c643c639c4f64_adload_evilquest
Size

389KB
Sample

240331-nnf7msaf5z
MD5

204151930f024dbf555c643c639c4f64
SHA1

f69c7d28132deb9b471d6dddb5f1591e8da0a2d6
SHA256

a39f80c93b646d9e94ad659142475ff307a4509e6f9d0d67441d188c58c4b14b
SHA512

318794bb4c8cff70ab608e8bfd8ab2131d2d83d7bb9cc2b9923b3c2f57197e3c922ff56e8a418717c18649b55d7ac6e2a0686bcc3414ba94aa7fbf18992ef63e
SSDEEP

6144:5SeOQdaZNxtk8cqhSxvHY9BnjCIQwa6QXbYRPuCnfL08Y/ok5XM7mM6QS7MkBh:5LOQdaDxq8cqavHYjWIDaJXcl/nfg801

Score

10^/10

evilquest backdoor execution macos persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-03-31_204151930f024dbf555c643c639c4f64_adload_evilquest

Resource

macos-20240214-en

evilquest backdoor execution persistence

macos-10.15-amd64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-03-31_204151930f024dbf555c643c639c4f64_adload_evilquest
- Size
  
  389KB
- MD5
  
  204151930f024dbf555c643c639c4f64
- SHA1
  
  f69c7d28132deb9b471d6dddb5f1591e8da0a2d6
- SHA256
  
  a39f80c93b646d9e94ad659142475ff307a4509e6f9d0d67441d188c58c4b14b
- SHA512
  
  318794bb4c8cff70ab608e8bfd8ab2131d2d83d7bb9cc2b9923b3c2f57197e3c922ff56e8a418717c18649b55d7ac6e2a0686bcc3414ba94aa7fbf18992ef63e
- SSDEEP
  
  6144:5SeOQdaZNxtk8cqhSxvHY9BnjCIQwa6QXbYRPuCnfL08Y/ok5XM7mM6QS7MkBh:5LOQdaDxq8cqavHYjWIDaJXcl/nfg801
Score

10^/10

evilquest backdoor execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evilquestbackdoorexecutionpersistence

© 2018-2024

Terms | Privacy