evilquest | 1e468b1d177cd48603f0736751a9ec1538baece915bcd5e2bcc5507b45c8a1ee | Triage

Sharing

General

Target

00dfdd9067c5013c5c179301f91c2978_JaffaCakes118
Size

168KB
Sample

240426-qr8geacf58
MD5

00dfdd9067c5013c5c179301f91c2978
SHA1

5c7ccc55c6d097519e19e68d9c5797516c8bc4f7
SHA256

1e468b1d177cd48603f0736751a9ec1538baece915bcd5e2bcc5507b45c8a1ee
SHA512

64fe607cba864b87bdd9de4857360165874ce3c4f78a6dde31bec46ff11b9579d4d09d2fa4c7e57427df0522a87b2a32c0e5f081150b3607f2fb025815002efd
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9e3biu10:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  00dfdd9067c5013c5c179301f91c2978_JaffaCakes118
- Size
  
  168KB
- MD5
  
  00dfdd9067c5013c5c179301f91c2978
- SHA1
  
  5c7ccc55c6d097519e19e68d9c5797516c8bc4f7
- SHA256
  
  1e468b1d177cd48603f0736751a9ec1538baece915bcd5e2bcc5507b45c8a1ee
- SHA512
  
  64fe607cba864b87bdd9de4857360165874ce3c4f78a6dde31bec46ff11b9579d4d09d2fa4c7e57427df0522a87b2a32c0e5f081150b3607f2fb025815002efd
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9e3biu10:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

executionpersistence