evilquest | 37e46f36cecec3414d419fe6c51cd31d28d50f2b28babd05f1300db262fd2889 | Triage

Sharing

General

Target

0036f2327c98163dc7972788a23eca6d_JaffaCakes118
Size

168KB
Sample

240426-hjm7habb27
MD5

0036f2327c98163dc7972788a23eca6d
SHA1

a31e81761a11fae8dab1918c151118a6c7c3ebc9
SHA256

37e46f36cecec3414d419fe6c51cd31d28d50f2b28babd05f1300db262fd2889
SHA512

66159879b34e44f54feb003f2034501c22aea289ecc576b26524ddf1aceaa8c888a250135d7ce7aa73db9d553f40a2e62452f57e343f7f92ad3085f6ce12d1ec
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9VR2N0:5SeOQdaZNxtk8cqhSxvHY92

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  0036f2327c98163dc7972788a23eca6d_JaffaCakes118
- Size
  
  168KB
- MD5
  
  0036f2327c98163dc7972788a23eca6d
- SHA1
  
  a31e81761a11fae8dab1918c151118a6c7c3ebc9
- SHA256
  
  37e46f36cecec3414d419fe6c51cd31d28d50f2b28babd05f1300db262fd2889
- SHA512
  
  66159879b34e44f54feb003f2034501c22aea289ecc576b26524ddf1aceaa8c888a250135d7ce7aa73db9d553f40a2e62452f57e343f7f92ad3085f6ce12d1ec
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9VR2N0:5SeOQdaZNxtk8cqhSxvHY92
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence