evilquest | bf1a1fdbbd548e8c683a41c97ab8ac1c583e680f9c01bf55eb79b2d4e0def4d8 | Triage

Sharing

General

Target

2024-11-05_3846caa162054a3780fc638ae8f9fc10_adload_evilquest_rekoobe
Size

168KB
Sample

241105-t7tjzatpew
MD5

3846caa162054a3780fc638ae8f9fc10
SHA1

73137fb7456a128c79234527bd4788a24cf51da1
SHA256

bf1a1fdbbd548e8c683a41c97ab8ac1c583e680f9c01bf55eb79b2d4e0def4d8
SHA512

e794dba7977201a19fc6d56a7c34d742b8f919e961cd14bec4c7419de841d8f324dcf3faa57650b152190237a821e6f351a9fc3af86268d132e5d35669c9bd13
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9p0:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  2024-11-05_3846caa162054a3780fc638ae8f9fc10_adload_evilquest_rekoobe
- Size
  
  168KB
- MD5
  
  3846caa162054a3780fc638ae8f9fc10
- SHA1
  
  73137fb7456a128c79234527bd4788a24cf51da1
- SHA256
  
  bf1a1fdbbd548e8c683a41c97ab8ac1c583e680f9c01bf55eb79b2d4e0def4d8
- SHA512
  
  e794dba7977201a19fc6d56a7c34d742b8f919e961cd14bec4c7419de841d8f324dcf3faa57650b152190237a821e6f351a9fc3af86268d132e5d35669c9bd13
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9p0:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence