Analysis
-
max time kernel
119s -
max time network
134s -
platform
macos-10.15_amd64 -
resource
macos-20240214-en -
resource tags
-
submitted
06-04-2024 03:29
General
-
Target
2024-04-06_17611d1be7580158a081ae30a66bc963_adload_evilquest
-
Size
337KB
-
MD5
17611d1be7580158a081ae30a66bc963
-
SHA1
ca6438ac5eec995df18d862d5380715eacb4860d
-
SHA256
ab3f2f8d5808474eab7bb4193207376e2b554b4583ed11b7e29e91415217336c
-
SHA512
c44f3f84cb1f0cad610d41cad54a76418616e3c341b11bd9f9a5e578fab6a591125e9d95ca9c573089fe9e9f8c283a9ec8fe7e2bb8338369a8f0ec115380418a
-
SSDEEP
6144:5SeOQdaZNxtk8cqhSxvHY95SeOQdaZNxtk8cqhSxvHY9:5LOQdaDxq8cqavHY3LOQdaDxq8cqavHY
Malware Config
Signatures
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/2024-04-06_17611d1be7580158a081ae30a66bc963_adload_evilquest\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/2024-04-06_17611d1be7580158a081ae30a66bc963_adload_evilquest\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/2024-04-06_17611d1be7580158a081ae30a66bc963_adload_evilquest1⤵
-
/bin/zsh/bin/zsh -c /Users/run/2024-04-06_17611d1be7580158a081ae30a66bc963_adload_evilquest2⤵
-
-
/Users/run/2024-04-06_17611d1be7580158a081ae30a66bc963_adload_evilquest/Users/run/2024-04-06_17611d1be7580158a081ae30a66bc963_adload_evilquest2⤵
-
-
/usr/libexec/dmd/usr/libexec/dmd1⤵
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.sysmond1⤵
-
/usr/libexec/sysmond/usr/libexec/sysmond1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.geod1⤵
-
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.AddressBook.ContactsAccountsService1⤵
-
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.routined1⤵
-
/usr/libexec/routined/usr/libexec/routined LAUNCHED_BY_LAUNCHD1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.Maps.mapspushd1⤵
-
/System/Library/CoreServices/mapspushd/System/Library/CoreServices/mapspushd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.nehelper1⤵
-
/usr/libexec/nehelper/usr/libexec/nehelper1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A1⤵
-
/usr/libexec/neagent/usr/libexec/neagent1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.newsyslog1⤵
-
/usr/sbin/newsyslog/usr/sbin/newsyslog1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E1⤵
-
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
288B
MD555d707d8a498ca399dd49c710374392d
SHA194956fb7af8ebb24faa018be5739179ae2e21dbb
SHA2560de9ce482bde894cb5d5042cfeaf0d54cb0f56ad4852caa4d06ad54a53a7b49f
SHA512e6183083a8f1f1ea5e67806ecbcab5adefc331aca2622e3b846cee48b803a91076dfd9a905573ee71c900bc5563b4e6e7f3ab994de7e29552a01647cd29ad20e
-
Filesize
124KB
MD5a119f72df1a267eb4af9d3bddd6f6caa
SHA1f7dc337b4e9eeaafe0f25f31f3c4899d4c6ac414
SHA256318c453fa98807b0b304714608bcc9781053ce9dfb348c2a33eb7f11ec7a3ea2
SHA51254dd53beb3a15322a938cbc54b973d799a6d1f4589756753ff8fe625109b52e7e8095be234e91a8512b749768b869bf959884348ae676d13616dde1fc4d8d311
-
Filesize
162KB
MD5461dcb8e6914ac8c3efadaa2ab3bfe82
SHA1bfb82d565114a505c0dc45a7b88c64fe24c2a96f
SHA256267aae1978c73f986ab32623d3edd0415e24888226d266bb42943765fbf12904
SHA512b6e500d7c269c1fa7fe796ded05d3489d2c773f1e02ddc87b99a777cb89f5837b527bfcf4a1ec01a155ed8c07bc4fe9b8ff8c7d3672bc9ee89be09c71bac13d2