evilquest | 5167171d6014645b258adf3766edf15730373b2882432334936e25183c15e15d | Triage

Sharing

General

Target

20240906a0c8565871c03f1e08142e89be8d7471adloadevilquestrekoobe
Size

389KB
Sample

240906-l6jz5szglm
MD5

a0c8565871c03f1e08142e89be8d7471
SHA1

0e34f11c9f032a3d93b87dd4ecb7f5cd9f21cdcf
SHA256

5167171d6014645b258adf3766edf15730373b2882432334936e25183c15e15d
SHA512

73bf4bf35e667ac1183d43cd5f662feeedcfccbe3dbbc3d4c2accdcad539682409fd3574b6fdd71bd3f2022d79c9fe26ce5932a21e9156648e291e4b33974360
SSDEEP

6144:5SeOQdaZNxtk8cqhSxvHY9unjCIQwa6QXbYRPuCnfL08Y/ok5XM7mM6QS7MkBh:5LOQdaDxq8cqavHYcWIDaJXcl/nfg801

Score

10^/10

evilquest backdoor execution macos persistence

Malware Config

Targets

- Target
  
  20240906a0c8565871c03f1e08142e89be8d7471adloadevilquestrekoobe
- Size
  
  389KB
- MD5
  
  a0c8565871c03f1e08142e89be8d7471
- SHA1
  
  0e34f11c9f032a3d93b87dd4ecb7f5cd9f21cdcf
- SHA256
  
  5167171d6014645b258adf3766edf15730373b2882432334936e25183c15e15d
- SHA512
  
  73bf4bf35e667ac1183d43cd5f662feeedcfccbe3dbbc3d4c2accdcad539682409fd3574b6fdd71bd3f2022d79c9fe26ce5932a21e9156648e291e4b33974360
- SSDEEP
  
  6144:5SeOQdaZNxtk8cqhSxvHY9unjCIQwa6QXbYRPuCnfL08Y/ok5XM7mM6QS7MkBh:5LOQdaDxq8cqavHYcWIDaJXcl/nfg801
Score

10^/10

evilquest backdoor execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorexecutionpersistence