evilquest | 927608b3ab5c9ddbaa61ebe7779072127d721714bae8904c81aa1de4a5e5d44d | Triage

Sharing

General

Target

2024-05-03_7063f63e55d576f17a01cdcfb9864fd7_adload_evilquest_rekoobe
Size

337KB
Sample

240503-gcm3gsae36
MD5

7063f63e55d576f17a01cdcfb9864fd7
SHA1

9ecdc06f5059359c296d43ebb96529c99a2a915c
SHA256

927608b3ab5c9ddbaa61ebe7779072127d721714bae8904c81aa1de4a5e5d44d
SHA512

8ba1ffc04eff49ee2d04cde65b5c1de7f667917f49727e6d2be56d277a669efe10755c4e5e4016f7e5b924cddc07cb76010774892d8e38cb2532fa5b6b4e010e
SSDEEP

6144:5SeOQdaZNxtk8cqhSxvHY93SeOQdaZNxtk8cqhSxvHY9:5LOQdaDxq8cqavHYRLOQdaDxq8cqavHY

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  2024-05-03_7063f63e55d576f17a01cdcfb9864fd7_adload_evilquest_rekoobe
- Size
  
  337KB
- MD5
  
  7063f63e55d576f17a01cdcfb9864fd7
- SHA1
  
  9ecdc06f5059359c296d43ebb96529c99a2a915c
- SHA256
  
  927608b3ab5c9ddbaa61ebe7779072127d721714bae8904c81aa1de4a5e5d44d
- SHA512
  
  8ba1ffc04eff49ee2d04cde65b5c1de7f667917f49727e6d2be56d277a669efe10755c4e5e4016f7e5b924cddc07cb76010774892d8e38cb2532fa5b6b4e010e
- SSDEEP
  
  6144:5SeOQdaZNxtk8cqhSxvHY93SeOQdaZNxtk8cqhSxvHY9:5LOQdaDxq8cqavHYRLOQdaDxq8cqavHY
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence