General

  • Target

    0075faa830c5a62071f9c2fe08a3f7cf_JaffaCakes118

  • Size

    168KB

  • Sample

    240426-lberyadd8t

  • MD5

    0075faa830c5a62071f9c2fe08a3f7cf

  • SHA1

    40eebc4a45caa18ea94665bda99791f259e41c5c

  • SHA256

    4bd580c2f1a30c12294238fa466113ffe8c4b2a08d31d924707a1d872dddf437

  • SHA512

    fd71ce8f3cf7e33c4edf870fe853744236978a4f719917c2742eee0076cf1ba6363f9e6fffed8751c06559521370e44a2a47c389d2f28349f0999dde2b97c4bc

  • SSDEEP

    3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq94rq7Nb0:5SeOQdaZNxtk8cqhSxvHY94rq7N

Targets

    • Target

      0075faa830c5a62071f9c2fe08a3f7cf_JaffaCakes118

    • Size

      168KB

    • MD5

      0075faa830c5a62071f9c2fe08a3f7cf

    • SHA1

      40eebc4a45caa18ea94665bda99791f259e41c5c

    • SHA256

      4bd580c2f1a30c12294238fa466113ffe8c4b2a08d31d924707a1d872dddf437

    • SHA512

      fd71ce8f3cf7e33c4edf870fe853744236978a4f719917c2742eee0076cf1ba6363f9e6fffed8751c06559521370e44a2a47c389d2f28349f0999dde2b97c4bc

    • SSDEEP

      3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq94rq7Nb0:5SeOQdaZNxtk8cqhSxvHY94rq7N

    • EvilQuest

      EvilQuest family.

    • EvilQuest payload

    • Launch Agent

      Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence. Launch agents are plist files in ~/Library/LaunchAgents, /Library/LaunchAgents or /System/Library/LaunchAgents that launchd loads into the user's session at login; a RunAtLoad key makes the job start immediately and KeepAlive has launchd restart it if it is killed.

    • Launch Daemon

      Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are defined by plist files in /Library/LaunchDaemons (or /System/Library/LaunchDaemons) that are loaded at boot by launchd, the service management framework used by macOS. They run as root before any user logs in, and writing to /Library/LaunchDaemons requires elevated privileges, which is why the same technique is also mapped under Privilege Escalation in the matrix below.
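The two signatures above describe the launchd persistence the sample was flagged for. The following triage helper is an added example (not part of the sandbox report or of the sample) that parses LaunchAgent/LaunchDaemon plists with the standard-library plistlib module and flags the combination a responder looks for: RunAtLoad/KeepAlive together with a program path in a world-writable or hidden location, or an Apple-looking label whose program lives outside Apple paths. The two embedded plists, their labels and program paths are constructed for illustration and are not artifacts from this sample.

```python
"""Flag suspicious launchd persistence plists (LaunchAgents / LaunchDaemons).

Added triage example, not code from the sandbox report or the analysed sample.
The sample plists at the bottom are constructed; their labels and paths are
hypothetical and are not indicators taken from the sample.
"""
import plistlib
from pathlib import Path

# Directories launchd reads persistence plists from (per-user agents last).
LAUNCHD_DIRS = [
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
    "/System/Library/LaunchAgents",
    "/System/Library/LaunchDaemons",
    "~/Library/LaunchAgents",
]

# Program locations that are unusual for a legitimate daemon or agent.
SUSPICIOUS_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def program_of(plist: dict) -> str:
    """Return the executable a launchd job runs (Program, else ProgramArguments[0])."""
    prog = plist.get("Program")
    if not prog:
        args = plist.get("ProgramArguments") or []
        prog = args[0] if args else ""
    return str(prog)


def assess_plist(label_hint: str, data: bytes) -> dict:
    """Parse one plist and return label, program, reasons and a `suspicious` verdict.

    Persistence flags alone (RunAtLoad/KeepAlive) are normal for system jobs, so the
    verdict requires at least one path- or label-based indicator as well.
    """
    plist = plistlib.loads(data)          # handles XML and binary plists
    label = str(plist.get("Label", label_hint))
    program = program_of(plist)
    reasons = []
    if plist.get("RunAtLoad"):
        reasons.append("RunAtLoad")       # job starts at boot/login
    if plist.get("KeepAlive"):
        reasons.append("KeepAlive")       # launchd restarts the job if killed
    if program.startswith(SUSPICIOUS_PREFIXES):
        reasons.append(f"program in world-writable dir: {program}")
    if any(part.startswith(".") for part in Path(program).parts):
        reasons.append(f"hidden path component: {program}")
    if label.startswith("com.apple.") and not program.startswith(("/System/", "/usr/")):
        # An Apple-style label pointing outside Apple paths is a classic masquerade.
        reasons.append("com.apple.* label with non-Apple program path")
    path_flag = any(r not in ("RunAtLoad", "KeepAlive") for r in reasons)
    return {"label": label, "program": program, "reasons": reasons, "suspicious": path_flag}


def scan_launchd_dirs(dirs=LAUNCHD_DIRS) -> list:
    """Walk the real launchd directories on a macOS host and return flagged jobs."""
    findings = []
    for d in dirs:
        for p in Path(d).expanduser().glob("*.plist"):
            try:
                result = assess_plist(p.stem, p.read_bytes())
            except Exception as exc:      # corrupt/unparseable plist is itself notable
                result = {"label": p.stem, "program": "", "reasons": [f"unparseable: {exc}"],
                          "suspicious": True}
            if result["suspicious"]:
                findings.append(result)
    return findings


# Constructed sample plists (hypothetical labels and paths, not from the sample).
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.example.helper</string>
  <key>ProgramArguments</key><array><string>/usr/libexec/example-helper</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

MALICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.updater</string>
  <key>ProgramArguments</key><array><string>/Users/Shared/.cache/updater</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""


if __name__ == "__main__":
    for name, data in (("benign", BENIGN_PLIST), ("malicious", MALICIOUS_PLIST)):
        print(name, assess_plist(name, data))
    print("host findings:", scan_launchd_dirs())   # empty on a non-macOS machine
```

The verdict deliberately ignores RunAtLoad/KeepAlive on their own; nearly every legitimate daemon sets them, so alerting on them produces noise. What separates malware from system jobs is where the program lives and whether the label is trying to look like Apple's.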

MITRE ATT&CK Matrix (ATT&CK v13)

  Count is the number of report signatures mapped to each technique; sub-techniques are indented under their parent.

  Tactic                Technique                            Count  ID
  Execution             Command and Scripting Interpreter        1  T1059
  Execution               AppleScript                            1  T1059.002
  Execution             System Services                          1  T1569
  Execution               Launchctl                              1  T1569.001
  Persistence           Create or Modify System Process          2  T1543
  Persistence             Launch Agent                           1  T1543.001
  Persistence             Launch Daemon                          1  T1543.004
  Privilege Escalation  Create or Modify System Process          2  T1543
  Privilege Escalation    Launch Agent                           1  T1543.001
  Privilege Escalation    Launch Daemon                          1  T1543.004
