evilquest | 1de53df362367fb9fcc2af9e616935dd26e2bb0bfb6842142e6815de65543deb | Triage

Submit
Reports

Overview

overview

Static

static

2024-08-24...ekoobe

macos-10.15-amd64

Sharing

General

Target

2024-08-24_4b20836253df5ffdb411d12bc5ea6fca_adload_evilquest_rekoobe
Size

168KB
Sample

240824-ezznpavcpj
MD5

4b20836253df5ffdb411d12bc5ea6fca
SHA1

24a63706ffa204266bd4a39d7e65ae4521fd51df
SHA256

1de53df362367fb9fcc2af9e616935dd26e2bb0bfb6842142e6815de65543deb
SHA512

a2ad47a77a10b54924f9d5220fea9af8f05da0e4a0706cf1798ca1619ef374c5364f76898bf2f3a1fed118f9afc69dea4d35a92de1c9e6505bb5502d05cd72c1
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9Ve0:5SeOQdaZNxtk8cqhSxvHY9V

Score

10^/10

evilquest backdoor evasion execution macos persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-08-24_4b20836253df5ffdb411d12bc5ea6fca_adload_evilquest_rekoobe

Resource

macos-20240711.1-en

evilquest backdoor evasion execution persistence

macos-10.15-amd64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-08-24_4b20836253df5ffdb411d12bc5ea6fca_adload_evilquest_rekoobe
- Size
  
  168KB
- MD5
  
  4b20836253df5ffdb411d12bc5ea6fca
- SHA1
  
  24a63706ffa204266bd4a39d7e65ae4521fd51df
- SHA256
  
  1de53df362367fb9fcc2af9e616935dd26e2bb0bfb6842142e6815de65543deb
- SHA512
  
  a2ad47a77a10b54924f9d5220fea9af8f05da0e4a0706cf1798ca1619ef374c5364f76898bf2f3a1fed118f9afc69dea4d35a92de1c9e6505bb5502d05cd72c1
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9Ve0:5SeOQdaZNxtk8cqhSxvHY9V
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorevasionexecutionpersistence

© 2018-2024

Terms | Privacy