evilquest | f6cf3b293016e8fe87c8b71863d170a76ba0a2953f694d51e87fbc69d23c8d24 | Triage

Sharing

General

Target

2024-10-12_40574b3657804414b7b00eca2ff8feac_adload_evilquest_rekoobe
Size

168KB
Sample

241012-r4hxyswapa
MD5

40574b3657804414b7b00eca2ff8feac
SHA1

fec202cfa5fb6e83e75a76c6bce306f29236eaad
SHA256

f6cf3b293016e8fe87c8b71863d170a76ba0a2953f694d51e87fbc69d23c8d24
SHA512

8e5ec7432e433a4b1890138916fe23ba4276e678470f246ebee23da9f0f891da818a50368cb3f935cca71568d163b9e06a4eb2260449b427ae8ce5460cb3ba36
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9QWsiS38l3B30:5SeOQdaZNxtk8cqhSxvHY9cF

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  2024-10-12_40574b3657804414b7b00eca2ff8feac_adload_evilquest_rekoobe
- Size
  
  168KB
- MD5
  
  40574b3657804414b7b00eca2ff8feac
- SHA1
  
  fec202cfa5fb6e83e75a76c6bce306f29236eaad
- SHA256
  
  f6cf3b293016e8fe87c8b71863d170a76ba0a2953f694d51e87fbc69d23c8d24
- SHA512
  
  8e5ec7432e433a4b1890138916fe23ba4276e678470f246ebee23da9f0f891da818a50368cb3f935cca71568d163b9e06a4eb2260449b427ae8ce5460cb3ba36
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9QWsiS38l3B30:5SeOQdaZNxtk8cqhSxvHY9cF
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence