evilquest | 8c6c6a2bb2c7dcc752d945e9679a421a9dd0df9dbd4331a3b2ae19d1138e12ea | Triage

Sharing

General

Target

2024-04-11_d7d89db67983ebb938beb313103a5dc9_adload_evilquest
Size

168KB
Sample

240411-1qfp4seb65
MD5

d7d89db67983ebb938beb313103a5dc9
SHA1

7c3e382e3ddd202c21f216429601209de32c3bc3
SHA256

8c6c6a2bb2c7dcc752d945e9679a421a9dd0df9dbd4331a3b2ae19d1138e12ea
SHA512

60022b2516ec0d3b58ab036b6f39f248dc0db46b7438cae2d4e27db6950e4bd4053708d84928df5a2b088b223f283469fa2b6e1dcb262b7bbd0564a04cbbdcdf
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9QA0:5SeOQdaZNxtk8cqhSxvHY9Q

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  2024-04-11_d7d89db67983ebb938beb313103a5dc9_adload_evilquest
- Size
  
  168KB
- MD5
  
  d7d89db67983ebb938beb313103a5dc9
- SHA1
  
  7c3e382e3ddd202c21f216429601209de32c3bc3
- SHA256
  
  8c6c6a2bb2c7dcc752d945e9679a421a9dd0df9dbd4331a3b2ae19d1138e12ea
- SHA512
  
  60022b2516ec0d3b58ab036b6f39f248dc0db46b7438cae2d4e27db6950e4bd4053708d84928df5a2b088b223f283469fa2b6e1dcb262b7bbd0564a04cbbdcdf
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9QA0:5SeOQdaZNxtk8cqhSxvHY9Q
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence