evilquest | 2397d21e63637aeea74e50265fcaa1446038b15731224ba622a6c88c7a803ab5 | Triage

Sharing

General

Target

0618127484cf7ec021613d572eed5e3b_JaffaCakes118
Size

168KB
Sample

240428-z6938ahd82
MD5

0618127484cf7ec021613d572eed5e3b
SHA1

04855c774e83667bee54de105cfa9d653692afc0
SHA256

2397d21e63637aeea74e50265fcaa1446038b15731224ba622a6c88c7a803ab5
SHA512

098b800306466698bb806ce408b5bc1fb7d713deae4df6e2182fa54330b8f0074c5a6255251d1f3b4ee4cfa8231965462f34d3885705c92c3cdca487afa3da34
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9qi0:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  0618127484cf7ec021613d572eed5e3b_JaffaCakes118
- Size
  
  168KB
- MD5
  
  0618127484cf7ec021613d572eed5e3b
- SHA1
  
  04855c774e83667bee54de105cfa9d653692afc0
- SHA256
  
  2397d21e63637aeea74e50265fcaa1446038b15731224ba622a6c88c7a803ab5
- SHA512
  
  098b800306466698bb806ce408b5bc1fb7d713deae4df6e2182fa54330b8f0074c5a6255251d1f3b4ee4cfa8231965462f34d3885705c92c3cdca487afa3da34
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9qi0:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence