evilquest | 40c59822cd12927bee52756464921433f8493ec6224a626075569ceb4413cb5e | Triage

Submit
Reports

Overview

overview

Static

static

00ff7d1fcb...kes118

macos-10.15-amd64

Sharing

General

Target

00ff7d1fcbeae75e90c503c81dce1dfc_JaffaCakes118
Size

168KB
Sample

240426-r2qj1see7t
MD5

00ff7d1fcbeae75e90c503c81dce1dfc
SHA1

51f9533b6293ddd0c9cef039744e217afa18d267
SHA256

40c59822cd12927bee52756464921433f8493ec6224a626075569ceb4413cb5e
SHA512

2169defcb59ed59062b69df7774040a050922d8779058f675ad8bcaa3f82b0e415bb6d9310c4b4554481c7e33aba2f40fe8af1758c4091e8f8004728c6aea508
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9MF0:5SeOQdaZNxtk8cqhSxvHY9M

Score

10^/10

evilquest backdoor evasion execution macos persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

00ff7d1fcbeae75e90c503c81dce1dfc_JaffaCakes118

Resource

macos-20240410-en

evilquest backdoor evasion execution persistence

macos-10.15-amd64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  00ff7d1fcbeae75e90c503c81dce1dfc_JaffaCakes118
- Size
  
  168KB
- MD5
  
  00ff7d1fcbeae75e90c503c81dce1dfc
- SHA1
  
  51f9533b6293ddd0c9cef039744e217afa18d267
- SHA256
  
  40c59822cd12927bee52756464921433f8493ec6224a626075569ceb4413cb5e
- SHA512
  
  2169defcb59ed59062b69df7774040a050922d8779058f675ad8bcaa3f82b0e415bb6d9310c4b4554481c7e33aba2f40fe8af1758c4091e8f8004728c6aea508
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9MF0:5SeOQdaZNxtk8cqhSxvHY9M
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evilquestbackdoorevasionexecutionpersistence

© 2018-2024

Terms | Privacy