General

  • Target

    04a28d0a7ec04f97b7d0f577a57312d6_JaffaCakes118

  • Size

    168KB

  • Sample

    240428-hvzpnsae74

  • MD5

    04a28d0a7ec04f97b7d0f577a57312d6

  • SHA1

    3f750b2140169066da012a39b50983bb40c00c59

  • SHA256

    08021489eb01eba8778b499cb0d4d56d824e9e3440fc9e94656be21b3a031f6b

  • SHA512

    adf363d85263dcf4f9bb65fc4368edd19cc44ca5a6552f9f62242710f3c5fc3260e7eb7e79bbd05bddcf2fc43354413c35f97186527ce1856f40840af8fa56c9

  • SSDEEP

    3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9y0:5SeOQdaZNxtk8cqhSxvHY9

Targets

    • Target

      04a28d0a7ec04f97b7d0f577a57312d6_JaffaCakes118

    • EvilQuest

      EvilQuest family.

    • EvilQuest payload

    • Launch Agent

      Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.

    • Launch Daemon

      Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.

MITRE ATT&CK Enterprise v15
