General
Target: Mixed In Key 8.dmg
Size: 10.4MB
Sample: 240602-abvbvabf4s
MD5: 58680abd58baca826c2029f32e5b78b3
SHA1: 98040c4d358a6fb9fed970df283a9b25f0ab393b
SHA256: b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a
SHA512: be852ea2a0ce7a119392f6f28033dfcec27ac897f3479767287da8e5b2babd2cff95b94c399e64d5f219fbef3508a3a2f2b2f4346e057ddce416353825994d28
SSDEEP: 196608:1kBu2wBiw00Bsqbxxf15AS2710A8O2RgXuHueFrs/7M+49/jhHh/:ig2whsQr5ASEcO28enS/7J4tT/
Static task: static1
Behavioral task: behavioral1
Sample: Mixed In Key 8.dmg
Resource: macos-20240410-en
Behavioral task: behavioral2
Sample: Mixed In Key 8.dmg
Resource: macos-20240410-en
Behavioral task: behavioral3
Sample: Mixed In Key 8.pkg
Resource: macos-20240410-en
Behavioral task: behavioral4
Sample: Mixed In Key 8.pkg
Resource: macos-20240410-en
Malware Config
Extracted
/Users/run/Desktop/READ_ME_NOW.txt
13roGMpWd7Pb3ZoJyce8eoQpfegQvGHHK7
Targets
Target: Mixed In Key 8.dmg
Size: 10.4MB
Score: 10/10
EvilQuest payload
Compromise Client Software Binary: Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server.
File Permission: Adversaries may modify file permissions/attributes to evade access control lists (ACLs) and access protected files.
Installer Packages: Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Installer packages are OS specific and contain the resources an operating system needs to install applications on a system.
Launch Daemon: Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
Target: Mixed In Key 8.pkg
Size: 10.0MB
MD5: 66405f4bb6db1136037fde9f43830119
SHA1: 0898cd7a55b55853ce9da0f0f360ec31ecec4974
SHA256: 9e8c30955ccb5797efaab676ffdf36fe08ce32d4aab4d18e1a9ed2be43d5db0f
SHA512: 3c176a83742d35b10645b70db4ed2ff00b888073d0daa73c7a4ce11c88b5b2cda818b9ab1844b35192bbd2436567e186ca200432fe4ef8a377ecf4be49da3da1
SSDEEP: 196608:NkBu2wBiw00Bsqbxxf19Hhx7r0A8JAi2RgXuHueFrs/7M+XvEYBu:Kg2whsQrndWJAi28enS/7JXtBu
EvilQuest payload
Compromise Client Software Binary: Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server.
File Permission: Adversaries may modify file permissions/attributes to evade access control lists (ACLs) and access protected files.
Installer Packages: Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Installer packages are OS specific and contain the resources an operating system needs to install applications on a system.
Launch Daemon: Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (2)
AppleScript (1)
Unix Shell (1)
System Services (1)
Launchctl (1)
Persistence
Compromise Host Software Binary (1)
Create or Modify System Process (1)
Launch Daemon (1)
Event Triggered Execution (1)
Installer Packages (1)
Privilege Escalation
Create or Modify System Process (1)
Launch Daemon (1)
Event Triggered Execution (1)
Installer Packages (1)