General

  • Target

    2024-04-26_dc7fb97b29abc02fbc9764a01400823c_adload_evilquest_rekoobe

  • Size

    168KB

  • Sample

    240426-hg2bcaba78

  • MD5

    dc7fb97b29abc02fbc9764a01400823c

  • SHA1

    5ed29b03ee47df267ce5cf2e0bc470b0915afe40

  • SHA256

    9bfff3e1661bf6e11e35a73b41d459cbc483eeceb726a25cd491291afefca428

  • SHA512

    36f0e26fe9766e7d0658c609f47c62d1e73abc327f5d06c721381d5e9874a42e1ea754828d0496d13bf1f474b7b0cdaa9a54a62f5302c3ace99f21dcf4082736

  • SSDEEP

    3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9XK0:5SeOQdaZNxtk8cqhSxvHY9X

Malware Config

Targets

    • Target

      2024-04-26_dc7fb97b29abc02fbc9764a01400823c_adload_evilquest_rekoobe

    • Launch Agent

      Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.

    • Launch Daemon

      Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Command and Scripting Interpreter (T1059): 1
      • AppleScript (T1059.002): 1
  • System Services (T1569): 1
      • Launchctl (T1569.001): 1

Persistence

  • Create or Modify System Process (T1543): 2
      • Launch Agent (T1543.001): 1
      • Launch Daemon (T1543.004): 1

Privilege Escalation

  • Create or Modify System Process (T1543): 2
      • Launch Agent (T1543.001): 1
      • Launch Daemon (T1543.004): 1

Tasks