General

  • Target

    089

  • Size

    111KB

  • Sample

    240403-gv9zzaad95

  • MD5

    4cc38bfe7fa5515d34cfb832e99b642a

  • SHA1

    31190bd9c8acb4bf014e0dfc76fd7ea20c6a4cbb

  • SHA256

    bcdb0ca7c51e9de4cf6c5c346fd28a4ed28e692319177c8a94c86dc676ee8e48

  • SHA512

    c9a0dad10c1d3dc8978f0f8679504a5577f46d0ecb15f9c184ae8aa50273a22aa9563eb225b7bfaf0c5eb0595266d52121f7ae444ae5177842fb6080fb08941b

  • SSDEEP

    1536:hlf+osue27mi//J45HOWBovfiJ3765Z2wg:hlfvs72fZ4xO7HiJ37Xwg

Targets

    • Target

      089

    • Size

      111KB

    • EvilQuest

      EvilQuest family.

    • EvilQuest payload

    • Launch Agent

      Adversaries may create or modify Launch Agents to repeatedly execute malicious payloads as part of persistence.

    • Launch Daemon

      Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
