evilquest | 4ceed05ea9c82dc710fdec1f3aa2a76427accf9a3c2d1edfd9ff5fb822b70342 | Triage

Sharing

General

Target

018edfcb069f8dfd338d3420314ed0e2_JaffaCakes118
Size

168KB
Sample

240426-ytkr5aca6y
MD5

018edfcb069f8dfd338d3420314ed0e2
SHA1

056a046db6e8894fbdeac71eb1966ed592c56f6e
SHA256

4ceed05ea9c82dc710fdec1f3aa2a76427accf9a3c2d1edfd9ff5fb822b70342
SHA512

b37ef22f9c97d2f5b98d8a4654a42939f7268b89ce08c533f59375edd44a86eb2a8724efd87940065708f96c59720c0eba1e601b718f32c537e67207b031540a
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq960:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  018edfcb069f8dfd338d3420314ed0e2_JaffaCakes118
- Size
  
  168KB
- MD5
  
  018edfcb069f8dfd338d3420314ed0e2
- SHA1
  
  056a046db6e8894fbdeac71eb1966ed592c56f6e
- SHA256
  
  4ceed05ea9c82dc710fdec1f3aa2a76427accf9a3c2d1edfd9ff5fb822b70342
- SHA512
  
  b37ef22f9c97d2f5b98d8a4654a42939f7268b89ce08c533f59375edd44a86eb2a8724efd87940065708f96c59720c0eba1e601b718f32c537e67207b031540a
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq960:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence