Overview

overview

10

Static

static

10

0030582d99...kes118

macos-10.15-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0030582d9908d971baa86fc2c1776281_JaffaCakes118

  • Size

    168KB

  • Sample

    240426-g99mraag8t

  • MD5

    0030582d9908d971baa86fc2c1776281

  • SHA1

    53faf722f684c916c96337aecbd6f9112b0db0b3

  • SHA256

    43eeb078b670d36490ad9396f476319342a18684e7265924d4b6076eba1dc620

  • SHA512

    b615e7f3465d1b2361f1e6ccbfa8c57252869806a8b54f808a1d06b2631396e8770a536779dce3d2b5484347d987d48fb22af02e8cc95f2877e673a5ccd097b2

  • SSDEEP

    3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9660:5SeOQdaZNxtk8cqhSxvHY96

Score
10/10
evilquestbackdoorevasionexecutionmacospersistence

Malware Config

Targets

    • Target

      0030582d9908d971baa86fc2c1776281_JaffaCakes118

    • Size

      168KB

    • MD5

      0030582d9908d971baa86fc2c1776281

    • SHA1

      53faf722f684c916c96337aecbd6f9112b0db0b3

    • SHA256

      43eeb078b670d36490ad9396f476319342a18684e7265924d4b6076eba1dc620

    • SHA512

      b615e7f3465d1b2361f1e6ccbfa8c57252869806a8b54f808a1d06b2631396e8770a536779dce3d2b5484347d987d48fb22af02e8cc95f2877e673a5ccd097b2

    • SSDEEP

      3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9660:5SeOQdaZNxtk8cqhSxvHY96

    Score
    10/10
    evilquestbackdoorevasionexecutionpersistence

    • EvilQuest

      EvilQuest family.

      backdoorevilquest

    • EvilQuest payload

    • Launch Agent

      Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.

      persistence

    • Launch Daemon

      Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

AppleScript

1
T1059.002

System Services

1
T1569

Launchctl

1
T1569.001

Persistence

Create or Modify System Process

2
T1543

Launch Agent

1
T1543.001

Launch Daemon

1
T1543.004

Privilege Escalation

Create or Modify System Process

2
T1543

Launch Agent

1
T1543.001

Launch Daemon

1
T1543.004

Defense Evasion

Hide Artifacts

1
T1564

Resource Forking

1
T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks