evilquest

General

Target

Mixed In Key 8.dmg
Size

10.4MB
Sample

240518-ra6rxseh59
MD5

58680abd58baca826c2029f32e5b78b3
SHA1

98040c4d358a6fb9fed970df283a9b25f0ab393b
SHA256

b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a
SHA512

be852ea2a0ce7a119392f6f28033dfcec27ac897f3479767287da8e5b2babd2cff95b94c399e64d5f219fbef3508a3a2f2b2f4346e057ddce416353825994d28
SSDEEP

196608:1kBu2wBiw00Bsqbxxf15AS2710A8O2RgXuHueFrs/7M+49/jhHh/:ig2whsQr5ASEcO28enS/7J4tT/

Score

10^/10

Malware Config

Targets

- Target
  
  Mixed In Key 8.dmg
- Size
  
  10.4MB
- MD5
  
  58680abd58baca826c2029f32e5b78b3
- SHA1
  
  98040c4d358a6fb9fed970df283a9b25f0ab393b
- SHA256
  
  b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a
- SHA512
  
  be852ea2a0ce7a119392f6f28033dfcec27ac897f3479767287da8e5b2babd2cff95b94c399e64d5f219fbef3508a3a2f2b2f4346e057ddce416353825994d28
- SSDEEP
  
  196608:1kBu2wBiw00Bsqbxxf15AS2710A8O2RgXuHueFrs/7M+49/jhHh/:ig2whsQr5ASEcO28enS/7J4tT/
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Compromise Client Software Binary
  Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server.
  persistence
- File Permission
  Adversaries may modify file permissions/attributes to evade access control lists (ACLs) and access protected files.
  evasion
- Installer Packages
  Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Installer packages are OS specific and contain the resources an operating system needs to install applications on a system.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1
- Target
  
  Mixed In Key 8.pkg
- Size
  
  10.0MB
- MD5
  
  66405f4bb6db1136037fde9f43830119
- SHA1
  
  0898cd7a55b55853ce9da0f0f360ec31ecec4974
- SHA256
  
  9e8c30955ccb5797efaab676ffdf36fe08ce32d4aab4d18e1a9ed2be43d5db0f
- SHA512
  
  3c176a83742d35b10645b70db4ed2ff00b888073d0daa73c7a4ce11c88b5b2cda818b9ab1844b35192bbd2436567e186ca200432fe4ef8a377ecf4be49da3da1
- SSDEEP
  
  196608:NkBu2wBiw00Bsqbxxf19Hhx7r0A8JAi2RgXuHueFrs/7M+XvEYBu:Kg2whsQrndWJAi28enS/7JXtBu
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Compromise Client Software Binary
  Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server.
  persistence
- File Permission
  Adversaries may modify file permissions/attributes to evade access control lists (ACLs) and access protected files.
  evasion
- Installer Packages
  Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Installer packages are OS specific and contain the resources an operating system needs to install applications on a system.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral2