evilquest | ad34a4e85282f41e8fa18f5d13a1d6a552ad80795d85003999205af0a852f074 | Triage

Sharing

General

Target

2024-10-16_63935b4266ff4a7babb097f0b301e531_adload_evilquest_rekoobe
Size

359KB
Sample

241016-lg5wbataqg
MD5

63935b4266ff4a7babb097f0b301e531
SHA1

d36562cdd710fd51c6cb660c2cc42f9526365ea5
SHA256

ad34a4e85282f41e8fa18f5d13a1d6a552ad80795d85003999205af0a852f074
SHA512

ccd8cc85fe0049984eb1970bfa2e0495aacdf58609d422fabbfd0a7fd67c4ce580a9087d696adb1a975c6d39240c87ea5d3774feac20cab1e3b181178c162136
SSDEEP

6144:5SeOQdaZNxtk8cqhSxvHY9VSeOQdaZNxtk8cqhSxvHY962Dn5kE:5LOQdaDxq8cqavHYXLOQdaDxq8cqavHM

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  2024-10-16_63935b4266ff4a7babb097f0b301e531_adload_evilquest_rekoobe
- Size
  
  359KB
- MD5
  
  63935b4266ff4a7babb097f0b301e531
- SHA1
  
  d36562cdd710fd51c6cb660c2cc42f9526365ea5
- SHA256
  
  ad34a4e85282f41e8fa18f5d13a1d6a552ad80795d85003999205af0a852f074
- SHA512
  
  ccd8cc85fe0049984eb1970bfa2e0495aacdf58609d422fabbfd0a7fd67c4ce580a9087d696adb1a975c6d39240c87ea5d3774feac20cab1e3b181178c162136
- SSDEEP
  
  6144:5SeOQdaZNxtk8cqhSxvHY9VSeOQdaZNxtk8cqhSxvHY962Dn5kE:5LOQdaDxq8cqavHYXLOQdaDxq8cqavHM
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence