evilquest | 40d4822a4bebe956214d3047dc1c7f7d966e8487f7c57cce41e8bf258a7f8c33 | Triage

Sharing

General

Target

0abab8ff89e23e9a790f0b555586f9e8_JaffaCakes118
Size

168KB
Sample

240501-ae8zeabb8s
MD5

0abab8ff89e23e9a790f0b555586f9e8
SHA1

63f898132868fe9844d43406cf8aeddd361166bd
SHA256

40d4822a4bebe956214d3047dc1c7f7d966e8487f7c57cce41e8bf258a7f8c33
SHA512

96d580916c2ad8a9d9697b120412f7ee2857a494feb1fcda5c763d3d9b4d77678ad7533d102ffbc77b284a12b5a08d500bb0e6fc1b4f1f70308fbab30e4d00e8
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq940:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  0abab8ff89e23e9a790f0b555586f9e8_JaffaCakes118
- Size
  
  168KB
- MD5
  
  0abab8ff89e23e9a790f0b555586f9e8
- SHA1
  
  63f898132868fe9844d43406cf8aeddd361166bd
- SHA256
  
  40d4822a4bebe956214d3047dc1c7f7d966e8487f7c57cce41e8bf258a7f8c33
- SHA512
  
  96d580916c2ad8a9d9697b120412f7ee2857a494feb1fcda5c763d3d9b4d77678ad7533d102ffbc77b284a12b5a08d500bb0e6fc1b4f1f70308fbab30e4d00e8
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq940:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence