evilquest | 5b01cbb35912124fdeda39df81f7a4f203d7a51d241cf9fafb47df4aac452256 | Triage

Sharing

General

Target

03abe20dab7f6e897fff7cf69c2c477d_JaffaCakes118
Size

224KB
Sample

240427-1cvbcahc61
MD5

03abe20dab7f6e897fff7cf69c2c477d
SHA1

7aaafc88805574a128b08ad768b09743732a9464
SHA256

5b01cbb35912124fdeda39df81f7a4f203d7a51d241cf9fafb47df4aac452256
SHA512

e4193fac17ece8e97ec034e2d99819a257362d133d364affaf6eb47826c6aa4d3deea20e9a13ed89cafede7ff084d4dd01a9db9ba02f1acefc07027986375601
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9HpDNQ0Cx6SZwEgOQtbap1z:5SeOQdaZNxtk8cqhSxvHY9HptSeOQdav

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  03abe20dab7f6e897fff7cf69c2c477d_JaffaCakes118
- Size
  
  224KB
- MD5
  
  03abe20dab7f6e897fff7cf69c2c477d
- SHA1
  
  7aaafc88805574a128b08ad768b09743732a9464
- SHA256
  
  5b01cbb35912124fdeda39df81f7a4f203d7a51d241cf9fafb47df4aac452256
- SHA512
  
  e4193fac17ece8e97ec034e2d99819a257362d133d364affaf6eb47826c6aa4d3deea20e9a13ed89cafede7ff084d4dd01a9db9ba02f1acefc07027986375601
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9HpDNQ0Cx6SZwEgOQtbap1z:5SeOQdaZNxtk8cqhSxvHY9HptSeOQdav
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence