evilquest | 0dfe7e6e2bd79947d160d69186efa14758843cb619abbbaa71710a22ef5b2124 | Triage

Sharing

General

Target

2024-10-05_2bb6bdbce1793626f4dfeb1a1179bbc4_adload_evilquest_rekoobe
Size

190KB
Sample

241005-e1kk6avgmj
MD5

2bb6bdbce1793626f4dfeb1a1179bbc4
SHA1

c7372c8f8ce2ca2aa5e0e698e1d0053832835a1c
SHA256

0dfe7e6e2bd79947d160d69186efa14758843cb619abbbaa71710a22ef5b2124
SHA512

7a3f5ed03a511d9f6f71064c112c7743d08f2feae75f866d8e142a07a695b62a6c9f43cbb897ba62fc5b607103d169656eb133718291947b0c9d1a0b28d8f0ea
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq96w0p2Dn5km:5SeOQdaZNxtk8cqhSxvHY96R2Dn5km

Score

10^/10

evilquest backdoor evasion execution macos persistence

Malware Config

Targets

- Target
  
  2024-10-05_2bb6bdbce1793626f4dfeb1a1179bbc4_adload_evilquest_rekoobe
- Size
  
  190KB
- MD5
  
  2bb6bdbce1793626f4dfeb1a1179bbc4
- SHA1
  
  c7372c8f8ce2ca2aa5e0e698e1d0053832835a1c
- SHA256
  
  0dfe7e6e2bd79947d160d69186efa14758843cb619abbbaa71710a22ef5b2124
- SHA512
  
  7a3f5ed03a511d9f6f71064c112c7743d08f2feae75f866d8e142a07a695b62a6c9f43cbb897ba62fc5b607103d169656eb133718291947b0c9d1a0b28d8f0ea
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq96w0p2Dn5km:5SeOQdaZNxtk8cqhSxvHY96R2Dn5km
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorevasionexecutionpersistence