evilquest | 16e4b1df2f6ebe981a8df6c24a1c0e72d318a44433576ae803e76f47b4029331 | Triage

Sharing

General

Target

0da1d3761ab108675b8d296141b7086d_JaffaCakes118
Size

168KB
Sample

240502-f7r49acb59
MD5

0da1d3761ab108675b8d296141b7086d
SHA1

61851ef635c85410178dfd2390695d2f31c84c0d
SHA256

16e4b1df2f6ebe981a8df6c24a1c0e72d318a44433576ae803e76f47b4029331
SHA512

4e1ab2ad80618212adb3594abac78ac0a45e499768973b425f42130d83e9b7bdb1b4aa607c23f14923819506342e72a75e9c4cb6dcaeb3b911e98799f99655ea
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9dzY0:5SeOQdaZNxtk8cqhSxvHY9dz

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  0da1d3761ab108675b8d296141b7086d_JaffaCakes118
- Size
  
  168KB
- MD5
  
  0da1d3761ab108675b8d296141b7086d
- SHA1
  
  61851ef635c85410178dfd2390695d2f31c84c0d
- SHA256
  
  16e4b1df2f6ebe981a8df6c24a1c0e72d318a44433576ae803e76f47b4029331
- SHA512
  
  4e1ab2ad80618212adb3594abac78ac0a45e499768973b425f42130d83e9b7bdb1b4aa607c23f14923819506342e72a75e9c4cb6dcaeb3b911e98799f99655ea
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9dzY0:5SeOQdaZNxtk8cqhSxvHY9dz
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence