Overview

overview

10

Static

static

10

2024-05-01...ekoobe

macos-10.15-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-05-01_c401807bb0ece7667550366cfa3de822_adload_evilquest_rekoobe

  • Size

    8.6MB

  • Sample

    240501-ezmn5aff4x

  • MD5

    c401807bb0ece7667550366cfa3de822

  • SHA1

    34d125c16a86a904aef72490044ff27afcd57912

  • SHA256

    0be8c3f1d96a734d2be49fafdecf6738a9648ca684c3113ad50f781f0364cd10

  • SHA512

    2aac86bd75f6b0181a803bc29d90d70e2c60e015b8be3a9b450bc2ce55c4c6a6f8ed2a9019e4d3e82f4b6a84c5712c87e10bd891dbf01eb481592a283e12cb01

  • SSDEEP

    49152:U33dQ333dQk33dQ333dQS33dQ333dQk33dQ333dQk33dQ333dQk33dQ333dQS3Oh:DSLEuO

Score
10/10
evilquestbackdoorevasionexecutionmacospersistence

Malware Config

Targets

    • Target

      2024-05-01_c401807bb0ece7667550366cfa3de822_adload_evilquest_rekoobe

    • Size

      8.6MB

    • MD5

      c401807bb0ece7667550366cfa3de822

    • SHA1

      34d125c16a86a904aef72490044ff27afcd57912

    • SHA256

      0be8c3f1d96a734d2be49fafdecf6738a9648ca684c3113ad50f781f0364cd10

    • SHA512

      2aac86bd75f6b0181a803bc29d90d70e2c60e015b8be3a9b450bc2ce55c4c6a6f8ed2a9019e4d3e82f4b6a84c5712c87e10bd891dbf01eb481592a283e12cb01

    • SSDEEP

      49152:U33dQ333dQk33dQ333dQS33dQ333dQk33dQ333dQk33dQ333dQk33dQ333dQS3Oh:DSLEuO

    Score
    10/10
    evilquestbackdoorevasionexecutionpersistence

    • EvilQuest

      EvilQuest family.

      backdoorevilquest

    • EvilQuest payload

    • Compromise Client Software Binary

      Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server.

      persistence

    • Launch Daemon

      Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks