evilquest | 55832f32e9ef543e6c24394025ebf4b5a6e13561bcbe8ade0f015611d11693d1 | Triage

Submit
Reports

Overview

overview

Static

static

000c1e86a4...kes118

macos-10.15-amd64

Sharing

General

Target

000c1e86a49c6f2a66dc3419946bac81_JaffaCakes118
Size

168KB
Sample

240425-zm43vsef72
MD5

000c1e86a49c6f2a66dc3419946bac81
SHA1

7f4f0e180708828ebce1b27f9e9145ebc4885245
SHA256

55832f32e9ef543e6c24394025ebf4b5a6e13561bcbe8ade0f015611d11693d1
SHA512

92bd7f57657a04956523a8be7a542d009bee4ed41c88bcf6d6e35019a2117f66d24a128a47a99f2612e21537c1225139fcb7f4747b5634fe90a9793f610a605c
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9+YB0:5SeOQdaZNxtk8cqhSxvHY9R

Score

10^/10

evilquest backdoor evasion execution macos persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

000c1e86a49c6f2a66dc3419946bac81_JaffaCakes118

Resource

macos-20240410-en

evilquest backdoor evasion execution persistence

macos-10.15-amd64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  000c1e86a49c6f2a66dc3419946bac81_JaffaCakes118
- Size
  
  168KB
- MD5
  
  000c1e86a49c6f2a66dc3419946bac81
- SHA1
  
  7f4f0e180708828ebce1b27f9e9145ebc4885245
- SHA256
  
  55832f32e9ef543e6c24394025ebf4b5a6e13561bcbe8ade0f015611d11693d1
- SHA512
  
  92bd7f57657a04956523a8be7a542d009bee4ed41c88bcf6d6e35019a2117f66d24a128a47a99f2612e21537c1225139fcb7f4747b5634fe90a9793f610a605c
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9+YB0:5SeOQdaZNxtk8cqhSxvHY9R
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evilquestbackdoorevasionexecutionpersistence

© 2018-2024

Terms | Privacy