Overview

overview

10

Static

static

10

2024-04-28...ekoobe

macos-10.15-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-04-28_02a30918b9a27c71b18f190da71b5a0a_adload_evilquest_rekoobe

  • Size

    168KB

  • Sample

    240428-vj39yacf4w

  • MD5

    02a30918b9a27c71b18f190da71b5a0a

  • SHA1

    7123120c2301677d480297fd3bd1cb7a45f3195c

  • SHA256

    5a5b548bcd07ed5c302bfe57902caacc9614b1168e71b34e908cbfb5a4b6cf29

  • SHA512

    01b19563e7f8c3f490a1f8bcf9f89f66ec0061a0f63240dcc3d223a65d059d713aeb176c4fc50c0afa084916582baea799d9f378990306e607feaf74ca0291ca

  • SSDEEP

    3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9R0:5SeOQdaZNxtk8cqhSxvHY9

Score
10/10
evilquestbackdoorexecutionmacospersistence

Malware Config

Targets

    • Target

      2024-04-28_02a30918b9a27c71b18f190da71b5a0a_adload_evilquest_rekoobe

    • Size

      168KB

    • MD5

      02a30918b9a27c71b18f190da71b5a0a

    • SHA1

      7123120c2301677d480297fd3bd1cb7a45f3195c

    • SHA256

      5a5b548bcd07ed5c302bfe57902caacc9614b1168e71b34e908cbfb5a4b6cf29

    • SHA512

      01b19563e7f8c3f490a1f8bcf9f89f66ec0061a0f63240dcc3d223a65d059d713aeb176c4fc50c0afa084916582baea799d9f378990306e607feaf74ca0291ca

    • SSDEEP

      3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9R0:5SeOQdaZNxtk8cqhSxvHY9

    Score
    10/10
    evilquestbackdoorexecutionpersistence

    • EvilQuest

      EvilQuest family.

      backdoorevilquest

    • EvilQuest payload

    • Launch Agent

      Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.

      persistence

    • Launch Daemon

      Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks