evilquest | 45caf50d3a5d897c9c5661174b7928b870c89e11308fb778e10efd734b802ef8 | Triage

Sharing

General

Target

00f96f887451d6294d25dec2daf6d2d0_JaffaCakes118
Size

168KB
Sample

240426-rtdkgsec9w
MD5

00f96f887451d6294d25dec2daf6d2d0
SHA1

0e936a3f7b3499c637417d39abd20187dd501e39
SHA256

45caf50d3a5d897c9c5661174b7928b870c89e11308fb778e10efd734b802ef8
SHA512

ee3daf90f9122292cb64b51ff28df3eac25e0de080e28b18218de1f8e4a64c3a5c3f6f82482fe6b5aa770e2f66635f01f6e53f0d50b7308495dc1e77bff59447
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9Cza70:5SeOQdaZNxtk8cqhSxvHY9ma

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  00f96f887451d6294d25dec2daf6d2d0_JaffaCakes118
- Size
  
  168KB
- MD5
  
  00f96f887451d6294d25dec2daf6d2d0
- SHA1
  
  0e936a3f7b3499c637417d39abd20187dd501e39
- SHA256
  
  45caf50d3a5d897c9c5661174b7928b870c89e11308fb778e10efd734b802ef8
- SHA512
  
  ee3daf90f9122292cb64b51ff28df3eac25e0de080e28b18218de1f8e4a64c3a5c3f6f82482fe6b5aa770e2f66635f01f6e53f0d50b7308495dc1e77bff59447
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9Cza70:5SeOQdaZNxtk8cqhSxvHY9ma
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence