Overview

overview

10

Static

static

10

3afb321a3e....macho

macos-10.15-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3afb321a3e194a41da2ee825c922da21205cf64003e39b73ccc8b3a2fb80acbc.zip

  • Size

    3.7MB

  • Sample

    240404-1lx4labg97

  • MD5

    d1776ead9add1eea59ced7d3f98042b6

  • SHA1

    44bc838f35949848f56415e0fe684b4da4a07b50

  • SHA256

    1346205f1991e648aa8ce2dc7f97d98c058dababd315f129ecdc0278a088024e

  • SHA512

    1c16a4ee0b91d009dc937d9709fb0f2418a8ccc1c279203c96a30f3c180b9a40cdcb217bd5ed1f8e86729d0c89e038cb9ff1900e05da9e439c4a4d42603f5fb1

  • SSDEEP

    98304:dWsDTbo5a86cKEN8dbuJa3PC8bkU33ZTrLXip:dWIQIEIu+qc5HZQ

Score
10/10
evilquestbackdoorexecutionmacospersistence

Malware Config

Targets

    • Target

      3afb321a3e194a41da2ee825c922da21205cf64003e39b73ccc8b3a2fb80acbc.macho

    • Size

      8.0MB

    • MD5

      832837adb745a3f708c3b0043c937f62

    • SHA1

      8e8127b2bd6052ca9c11f2284b253d7cb26388a2

    • SHA256

      3afb321a3e194a41da2ee825c922da21205cf64003e39b73ccc8b3a2fb80acbc

    • SHA512

      de7f1b2ed5464fb7052fdccebd497fc10ffde72f37183da5a732c14e36e6ec438aed2ee06c910ae13d638f5cbe242de809c613aca51e63976827f1920215897f

    • SSDEEP

      49152:U33dQ333dQ33b33dQ333dQ33b33dQ333dQ33b33dQ333dQ33b33dQ333dQ33b33P:O

    Score
    10/10
    evilquestbackdoorexecutionpersistence

    • EvilQuest

      EvilQuest family.

      backdoorevilquest

    • EvilQuest payload

    • Compromise Client Software Binary

      Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server.

      persistence

    • Launch Daemon

      Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks