evilquest

General

Target

58680abd58baca826c2029f32e5b78b3
Size

10.4MB
Sample

240403-d2s39aef9t
MD5

58680abd58baca826c2029f32e5b78b3
SHA1

98040c4d358a6fb9fed970df283a9b25f0ab393b
SHA256

b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a
SHA512

be852ea2a0ce7a119392f6f28033dfcec27ac897f3479767287da8e5b2babd2cff95b94c399e64d5f219fbef3508a3a2f2b2f4346e057ddce416353825994d28
SSDEEP

196608:1kBu2wBiw00Bsqbxxf15AS2710A8O2RgXuHueFrs/7M+49/jhHh/:ig2whsQr5ASEcO28enS/7J4tT/

Score

10^/10

Malware Config

Targets

- Target
  
  58680abd58baca826c2029f32e5b78b3
- Size
  
  10.4MB
- MD5
  
  58680abd58baca826c2029f32e5b78b3
- SHA1
  
  98040c4d358a6fb9fed970df283a9b25f0ab393b
- SHA256
  
  b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a
- SHA512
  
  be852ea2a0ce7a119392f6f28033dfcec27ac897f3479767287da8e5b2babd2cff95b94c399e64d5f219fbef3508a3a2f2b2f4346e057ddce416353825994d28
- SSDEEP
  
  196608:1kBu2wBiw00Bsqbxxf15AS2710A8O2RgXuHueFrs/7M+49/jhHh/:ig2whsQr5ASEcO28enS/7J4tT/
Score

1^/10
behavioral1
- Target
  
  .DS_Store
- Size
  
  6KB
- MD5
  
  194577a7e20bdcc7afbb718f502c134c
- SHA1
  
  df2fbeb1400acda0909a32c1cf6bf492f1121e07
- SHA256
  
  d65165279105ca6773180500688df4bdc69a2c7b771752f0a46ef120b7fd8ec3
- SHA512
  
  58941214a8334331e52114aab851fc3d8d5da5dd14983f933da8735c24b0ddcac134e8f13692553199c4d9a14a4b3188b62878a30b9d696edda1204666b60837
- SSDEEP
  
  6:VWAlXN6XkEslX/9ldlXSPnrtHP8//kHLEk0/ulXSPnrtHP8//k:QAXN9EEX/HnXw6XMLEk0/qXw6X
Score

1^/10
behavioral2
- Target
  
  .DS_Store:com.apple.FinderInfo
- Size
  
  32B
- MD5
  
  0600b200c9d0d7f302984c85ba0158b3
- SHA1
  
  b9e7cf3ddc4a8133a48c356a9c546c2647051213
- SHA256
  
  fbca6141e0f158764c3741995d1d39a5ff29930832e67ae8d510f55d7add9c5d
- SHA512
  
  0a3d2fe61c33b14d12f727d8a6158b1df35e3fdb1c8ce7bc394f7285750b8f3d78a85a8d15672d6e5a628159e0abbcdc97ba200964c34762c2e967c30b17c020
Score

1^/10
behavioral3
- Target
  
  0.img
- Size
  
  21.1MB
- MD5
  
  7845badade7fd70beaf79894d229f834
- SHA1
  
  4eb095d1abbb2d9e05ae89116cd872a11c2864fb
- SHA256
  
  379f782ecf5b8b443fe837c71b0154170b3cec5d1549304f402bb95d9712e255
- SHA512
  
  b20b342743b5cb5d74530e66ea85fe6d7ec1c8a397042a890a1dd961f3a96755615124a8c6a049ed518f28f88701da2124e5843edfca2c9cb63e09f40a003cca
- SSDEEP
  
  196608:TkBu2wBiw00Bsqbxxf19Hhx7r0A8JAi2RgXuHueFrs/7M+XvEYB:Ig2whsQrndWJAi28enS/7JXtB
Score

1^/10
behavioral4
- Target
  
  Mixed In Key 8.pkg
- Size
  
  10.0MB
- MD5
  
  66405f4bb6db1136037fde9f43830119
- SHA1
  
  0898cd7a55b55853ce9da0f0f360ec31ecec4974
- SHA256
  
  9e8c30955ccb5797efaab676ffdf36fe08ce32d4aab4d18e1a9ed2be43d5db0f
- SHA512
  
  3c176a83742d35b10645b70db4ed2ff00b888073d0daa73c7a4ce11c88b5b2cda818b9ab1844b35192bbd2436567e186ca200432fe4ef8a377ecf4be49da3da1
- SSDEEP
  
  196608:NkBu2wBiw00Bsqbxxf19Hhx7r0A8JAi2RgXuHueFrs/7M+XvEYBu:Kg2whsQrndWJAi28enS/7JXtBu
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Compromise Client Software Binary
  Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server.
  persistence
- File Permission
  Adversaries may modify file permissions/attributes to evade access control lists (ACLs) and access protected files.
  evasion
- Installer Packages
  Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Installer packages are OS specific and contain the resources an operating system needs to install applications on a system.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral5