evilquest | ed8c759e3d11616b22a7df71c41667d6c72fc0b61da54d5db52b54d1e517a4ce | Triage

Sharing

General

Target

2024-11-21_4fdc4b41194fb30e58493f049c77f138_adload_evilquest_rekoobe
Size

168KB
Sample

241121-tvs3nsshqe
MD5

4fdc4b41194fb30e58493f049c77f138
SHA1

45524166db8fde24e7fc9352d9c36d242b501997
SHA256

ed8c759e3d11616b22a7df71c41667d6c72fc0b61da54d5db52b54d1e517a4ce
SHA512

c5aa5b5471d7ddd227a2c778258f7a7c82a23c5bda50debdc467c07885839930fa8d90522f92a9c59c38382e64944cfda1f54135c6ebdb352d8d5a8e7645bc5b
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9WO0:5SeOQdaZNxtk8cqhSxvHY9W

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  2024-11-21_4fdc4b41194fb30e58493f049c77f138_adload_evilquest_rekoobe
- Size
  
  168KB
- MD5
  
  4fdc4b41194fb30e58493f049c77f138
- SHA1
  
  45524166db8fde24e7fc9352d9c36d242b501997
- SHA256
  
  ed8c759e3d11616b22a7df71c41667d6c72fc0b61da54d5db52b54d1e517a4ce
- SHA512
  
  c5aa5b5471d7ddd227a2c778258f7a7c82a23c5bda50debdc467c07885839930fa8d90522f92a9c59c38382e64944cfda1f54135c6ebdb352d8d5a8e7645bc5b
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9WO0:5SeOQdaZNxtk8cqhSxvHY9W
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence