evilquest | 5aa8ecc045b4740baa1df5af369789bdfb5fe5ad6fdae960defe63413ba9ebd5 | Triage

Submit
Reports

Overview

overview

Static

static

2024-04-07...lquest

macos-10.15-amd64

Sharing

General

Target

2024-04-07_7bf238fdf30f95de34b929417e3c1340_adload_evilquest
Size

389KB
Sample

240407-e647radb3v
MD5

7bf238fdf30f95de34b929417e3c1340
SHA1

f4f2e6f6daaa75d2811b2fcb346c59e7167604e5
SHA256

5aa8ecc045b4740baa1df5af369789bdfb5fe5ad6fdae960defe63413ba9ebd5
SHA512

19b0d02a95b170fca50dab2942114a443db8aff8e1953362f234a04fa7db96ece3d9982b75a68a17b43c293cf0954c55bc3e48bb7ecbabc164f7e05fbc9ea248
SSDEEP

6144:5SeOQdaZNxtk8cqhSxvHY9unjCIQwa6QXbYRPuCnfL08Y/ok5XM7mM6QS7MkBh:5LOQdaDxq8cqavHYEWIDaJXcl/nfg801

Score

10^/10

evilquest backdoor execution macos persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-04-07_7bf238fdf30f95de34b929417e3c1340_adload_evilquest

Resource

macos-20240214-en

evilquest backdoor execution persistence

macos-10.15-amd64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-07_7bf238fdf30f95de34b929417e3c1340_adload_evilquest
- Size
  
  389KB
- MD5
  
  7bf238fdf30f95de34b929417e3c1340
- SHA1
  
  f4f2e6f6daaa75d2811b2fcb346c59e7167604e5
- SHA256
  
  5aa8ecc045b4740baa1df5af369789bdfb5fe5ad6fdae960defe63413ba9ebd5
- SHA512
  
  19b0d02a95b170fca50dab2942114a443db8aff8e1953362f234a04fa7db96ece3d9982b75a68a17b43c293cf0954c55bc3e48bb7ecbabc164f7e05fbc9ea248
- SSDEEP
  
  6144:5SeOQdaZNxtk8cqhSxvHY9unjCIQwa6QXbYRPuCnfL08Y/ok5XM7mM6QS7MkBh:5LOQdaDxq8cqavHYEWIDaJXcl/nfg801
Score

10^/10

evilquest backdoor execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorexecutionpersistence

© 2018-2025

Terms | Privacy