evilquest | 63c195b2cf12188b12ce11f363178cb20cba71f8df435029bd3deaefa06fc676 | Triage

Sharing

General

Target

02554f35b3ba7b707a17f2a0a5295950_JaffaCakes118
Size

168KB
Sample

240427-d666nsba5w
MD5

02554f35b3ba7b707a17f2a0a5295950
SHA1

24963c0ee4d31577a617c15f69fd4cdf1a16c923
SHA256

63c195b2cf12188b12ce11f363178cb20cba71f8df435029bd3deaefa06fc676
SHA512

55baf54898db7df1edfd96c3d064b75fc6067ee15276231a0b59b69994855ed10006dd725030b3b76022417a1d6d92d2dde0c6a1260801ea7ea7717ea329abb9
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9U0:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  02554f35b3ba7b707a17f2a0a5295950_JaffaCakes118
- Size
  
  168KB
- MD5
  
  02554f35b3ba7b707a17f2a0a5295950
- SHA1
  
  24963c0ee4d31577a617c15f69fd4cdf1a16c923
- SHA256
  
  63c195b2cf12188b12ce11f363178cb20cba71f8df435029bd3deaefa06fc676
- SHA512
  
  55baf54898db7df1edfd96c3d064b75fc6067ee15276231a0b59b69994855ed10006dd725030b3b76022417a1d6d92d2dde0c6a1260801ea7ea7717ea329abb9
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9U0:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence