evilquest | 8547543012056fa3bbf507c2bba204d7c6aa8ed62f17ee482496c90b93316ed0 | Triage

Sharing

General

Target

2024-12-19_367f0c3b54cfedbc4b9ae0ccfd0efc94_adload_evilquest_rekoobe
Size

389KB
Sample

241219-fcdclszldl
MD5

367f0c3b54cfedbc4b9ae0ccfd0efc94
SHA1

14826bd21bccff08a1bcdbaf88b206570ed370d6
SHA256

8547543012056fa3bbf507c2bba204d7c6aa8ed62f17ee482496c90b93316ed0
SHA512

7ca34137a34e7a57ac477b75a0349a2dc1189e7d4ebcb0c153ba4fc7378554037be2f30fc4b69a68c4e82e617e112120d6353bce16ea40c8060df664e1216551
SSDEEP

6144:5SeOQdaZNxtk8cqhSxvHY9cpQnjCIQwa6QXbYRPuCnfL08Y/ok5XM7mM6QS7MkBh:5LOQdaDxq8cqavHY/WIDaJXcl/nfg801

Score

10^/10

evilquest backdoor evasion execution macos persistence

Malware Config

Targets

- Target
  
  2024-12-19_367f0c3b54cfedbc4b9ae0ccfd0efc94_adload_evilquest_rekoobe
- Size
  
  389KB
- MD5
  
  367f0c3b54cfedbc4b9ae0ccfd0efc94
- SHA1
  
  14826bd21bccff08a1bcdbaf88b206570ed370d6
- SHA256
  
  8547543012056fa3bbf507c2bba204d7c6aa8ed62f17ee482496c90b93316ed0
- SHA512
  
  7ca34137a34e7a57ac477b75a0349a2dc1189e7d4ebcb0c153ba4fc7378554037be2f30fc4b69a68c4e82e617e112120d6353bce16ea40c8060df664e1216551
- SSDEEP
  
  6144:5SeOQdaZNxtk8cqhSxvHY9cpQnjCIQwa6QXbYRPuCnfL08Y/ok5XM7mM6QS7MkBh:5LOQdaDxq8cqavHY/WIDaJXcl/nfg801
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Evilquest family
  evilquest
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorevasionexecutionpersistence