evilquest | ecc2246ba11d99dfdcc96f5f8dee80410ad57358434ad3f3afeab5406e506765 | Triage

Sharing

General

Target

2024-10-12_fd0f9e2a3eaa6627af11cdec9d25c577_adload_evilquest_rekoobe
Size

168KB
Sample

241012-rmgzbsvcna
MD5

fd0f9e2a3eaa6627af11cdec9d25c577
SHA1

a303ca54afe1be4bef8a472f6577817d8fab16be
SHA256

ecc2246ba11d99dfdcc96f5f8dee80410ad57358434ad3f3afeab5406e506765
SHA512

d9ca0e0d019d6c855839013e629594aec06b2fbbdd492aa3038d06a63899ba77aaec90d3b2cd705c97c613febf48b0ed119108f87271807763db228caacd8dc5
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9dD0:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  2024-10-12_fd0f9e2a3eaa6627af11cdec9d25c577_adload_evilquest_rekoobe
- Size
  
  168KB
- MD5
  
  fd0f9e2a3eaa6627af11cdec9d25c577
- SHA1
  
  a303ca54afe1be4bef8a472f6577817d8fab16be
- SHA256
  
  ecc2246ba11d99dfdcc96f5f8dee80410ad57358434ad3f3afeab5406e506765
- SHA512
  
  d9ca0e0d019d6c855839013e629594aec06b2fbbdd492aa3038d06a63899ba77aaec90d3b2cd705c97c613febf48b0ed119108f87271807763db228caacd8dc5
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9dD0:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence