evilquest | 0c94d80613801d155bce76c512eff3d1049742600f261a8d31b8c2ae731e8959 | Triage

Sharing

General

Target

00142ebaac470f73a4158b306a0dc786_JaffaCakes118
Size

168KB
Sample

240425-zytq9seh83
MD5

00142ebaac470f73a4158b306a0dc786
SHA1

dedab2c9fc19367083175d91995ac3c4b65d3027
SHA256

0c94d80613801d155bce76c512eff3d1049742600f261a8d31b8c2ae731e8959
SHA512

2e5a799e472a4103cdb5f319e27fa4aa9f0a683c6c40f1577fa42a5dd47657dddf3e53e4393ba938528698d006a51c05ab8f52ec00510864ae11ff4e9f9d6c3d
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq960:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  00142ebaac470f73a4158b306a0dc786_JaffaCakes118
- Size
  
  168KB
- MD5
  
  00142ebaac470f73a4158b306a0dc786
- SHA1
  
  dedab2c9fc19367083175d91995ac3c4b65d3027
- SHA256
  
  0c94d80613801d155bce76c512eff3d1049742600f261a8d31b8c2ae731e8959
- SHA512
  
  2e5a799e472a4103cdb5f319e27fa4aa9f0a683c6c40f1577fa42a5dd47657dddf3e53e4393ba938528698d006a51c05ab8f52ec00510864ae11ff4e9f9d6c3d
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq960:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence