evilquest | eaff00bb9a60ca15c4ffcce8139badc707c6ee2a67aefad584fdeb0ae32291eb | Triage

Sharing

General

Target

2024-09-06_b9d9c640ae8635c41645f69d838daccf_adload_evilquest_rekoobe
Size

168KB
Sample

240906-a84lsaxfrd
MD5

b9d9c640ae8635c41645f69d838daccf
SHA1

bdc6fe45198c9de57278a40e95116deb3438a024
SHA256

eaff00bb9a60ca15c4ffcce8139badc707c6ee2a67aefad584fdeb0ae32291eb
SHA512

4ed8dd17f8ff94ff7cb67e2dc8818cc7840f252e094a2863dd0b8500868147d2fc600d3d9c97c8e1f43b9195c5ce47c5039b8f980b0e9e8c821160f733be354f
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9W0:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  2024-09-06_b9d9c640ae8635c41645f69d838daccf_adload_evilquest_rekoobe
- Size
  
  168KB
- MD5
  
  b9d9c640ae8635c41645f69d838daccf
- SHA1
  
  bdc6fe45198c9de57278a40e95116deb3438a024
- SHA256
  
  eaff00bb9a60ca15c4ffcce8139badc707c6ee2a67aefad584fdeb0ae32291eb
- SHA512
  
  4ed8dd17f8ff94ff7cb67e2dc8818cc7840f252e094a2863dd0b8500868147d2fc600d3d9c97c8e1f43b9195c5ce47c5039b8f980b0e9e8c821160f733be354f
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9W0:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence