evilquest | 0be5e57b0739fde2e4ad79277a361c6d1b0ebc1aae77d6b61bad0f3877ffeefd | Triage

Sharing

General

Target

0aa7a6dc17d09992a2ecfdafc03c83e6_JaffaCakes118
Size

168KB
Sample

240430-3ejnqsad5v
MD5

0aa7a6dc17d09992a2ecfdafc03c83e6
SHA1

a7a89c8c95c13d747b4c63272d4f244bd644f9f3
SHA256

0be5e57b0739fde2e4ad79277a361c6d1b0ebc1aae77d6b61bad0f3877ffeefd
SHA512

dd19db0f0162c525f114b25ee2de517faa60ae40d128f2f4b561bad5fd0c1d2dbbe98db8708f06826dfccad131778b1c4bf6f822434f0a3f301818fe9e12488c
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9+0:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  0aa7a6dc17d09992a2ecfdafc03c83e6_JaffaCakes118
- Size
  
  168KB
- MD5
  
  0aa7a6dc17d09992a2ecfdafc03c83e6
- SHA1
  
  a7a89c8c95c13d747b4c63272d4f244bd644f9f3
- SHA256
  
  0be5e57b0739fde2e4ad79277a361c6d1b0ebc1aae77d6b61bad0f3877ffeefd
- SHA512
  
  dd19db0f0162c525f114b25ee2de517faa60ae40d128f2f4b561bad5fd0c1d2dbbe98db8708f06826dfccad131778b1c4bf6f822434f0a3f301818fe9e12488c
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9+0:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence