evilquest | ed9f3791900be8065162d5555d5831e5496883b8afeff9428d448d8b413b41ee | Triage

Submit
Reports

Overview

overview

Static

static

2024-10-05...ekoobe

macos-10.15-amd64

Sharing

General

Target

2024-10-05_327c2e364d7d39c6d11fa58c8abaffb1_adload_evilquest_rekoobe
Size

177KB
Sample

241005-e1pvwazblg
MD5

327c2e364d7d39c6d11fa58c8abaffb1
SHA1

12981b1f1cb97aa6a533aa95bf1d78298ea3c64e
SHA256

ed9f3791900be8065162d5555d5831e5496883b8afeff9428d448d8b413b41ee
SHA512

2b46a8db718ae9c81a42c709a6b290dd2e572d55c950757f4ba4fc3ec9d114d718033afec44b41dbf20506a294aec375e75e8c0567c1a6bc8d9a5625bb8d75a6
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq96w0k:5SeOQdaZNxtk8cqhSxvHY968

Score

10^/10

evilquest backdoor evasion execution macos persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-10-05_327c2e364d7d39c6d11fa58c8abaffb1_adload_evilquest_rekoobe

Resource

macos-20240711.1-en

evilquest backdoor evasion execution persistence

macos-10.15-amd64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-10-05_327c2e364d7d39c6d11fa58c8abaffb1_adload_evilquest_rekoobe
- Size
  
  177KB
- MD5
  
  327c2e364d7d39c6d11fa58c8abaffb1
- SHA1
  
  12981b1f1cb97aa6a533aa95bf1d78298ea3c64e
- SHA256
  
  ed9f3791900be8065162d5555d5831e5496883b8afeff9428d448d8b413b41ee
- SHA512
  
  2b46a8db718ae9c81a42c709a6b290dd2e572d55c950757f4ba4fc3ec9d114d718033afec44b41dbf20506a294aec375e75e8c0567c1a6bc8d9a5625bb8d75a6
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq96w0k:5SeOQdaZNxtk8cqhSxvHY968
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorevasionexecutionpersistence

© 2018-2024

Terms | Privacy