evilquest | 334db6529592bb3c8a26fd62bbdc00b94c60a96ef6f5f3361e1cb932a37dbdba | Triage

Sharing

General

Target

02c0320702f67d3fcd4cf75dc0e56d2f_JaffaCakes118
Size

337KB
Sample

240427-jla6dseb49
MD5

02c0320702f67d3fcd4cf75dc0e56d2f
SHA1

6b6735f0f6d08666d55e47ae1b08e5afb1b34c30
SHA256

334db6529592bb3c8a26fd62bbdc00b94c60a96ef6f5f3361e1cb932a37dbdba
SHA512

163beec7bb1ec9ff5e42e81c6265984f144af3d3e0ff4bf67fb1e1d56f5f87c5f7b5f50611bce776855b65e23eea183c784680998ed140e3521bbfe4f675b9d5
SSDEEP

6144:5SeOQdaZNxtk8cqhSxvHY9xSeOQdaZNxtk8cqhSxvHY9:5LOQdaDxq8cqavHY/LOQdaDxq8cqavHY

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  02c0320702f67d3fcd4cf75dc0e56d2f_JaffaCakes118
- Size
  
  337KB
- MD5
  
  02c0320702f67d3fcd4cf75dc0e56d2f
- SHA1
  
  6b6735f0f6d08666d55e47ae1b08e5afb1b34c30
- SHA256
  
  334db6529592bb3c8a26fd62bbdc00b94c60a96ef6f5f3361e1cb932a37dbdba
- SHA512
  
  163beec7bb1ec9ff5e42e81c6265984f144af3d3e0ff4bf67fb1e1d56f5f87c5f7b5f50611bce776855b65e23eea183c784680998ed140e3521bbfe4f675b9d5
- SSDEEP
  
  6144:5SeOQdaZNxtk8cqhSxvHY9xSeOQdaZNxtk8cqhSxvHY9:5LOQdaDxq8cqavHY/LOQdaDxq8cqavHY
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence