evilquest | 2ad461e3de346b8eec04d2e5926b3105f6aaa7165070ec91938dbef09a29e120 | Triage

Sharing

General

Target

2024-12-23_84a4f4f8c8591cf1024b41a8ac11fed9_adload_evilquest_rekoobe
Size

3.5MB
Sample

241223-1rty5aspeq
MD5

84a4f4f8c8591cf1024b41a8ac11fed9
SHA1

0b64f3d007f3301d102dd3d9dcd95b68d96e5f2d
SHA256

2ad461e3de346b8eec04d2e5926b3105f6aaa7165070ec91938dbef09a29e120
SHA512

5508f2449c664a056f8594bc2c41a98b10b5ec89c16e6241c24cd1f91396da20b4965186d3a590f32f9ce06381830479b10fa5fd3ff089f59641163b0bdba6d0
SSDEEP

49152:U33dQ333dQk33dQ33G33dQ333dQk33dQ33f33dQ333X:4

Score

10^/10

evilquest backdoor execution macos persistence

Malware Config

Targets

- Target
  
  2024-12-23_84a4f4f8c8591cf1024b41a8ac11fed9_adload_evilquest_rekoobe
- Size
  
  3.5MB
- MD5
  
  84a4f4f8c8591cf1024b41a8ac11fed9
- SHA1
  
  0b64f3d007f3301d102dd3d9dcd95b68d96e5f2d
- SHA256
  
  2ad461e3de346b8eec04d2e5926b3105f6aaa7165070ec91938dbef09a29e120
- SHA512
  
  5508f2449c664a056f8594bc2c41a98b10b5ec89c16e6241c24cd1f91396da20b4965186d3a590f32f9ce06381830479b10fa5fd3ff089f59641163b0bdba6d0
- SSDEEP
  
  49152:U33dQ333dQk33dQ33G33dQ333dQk33dQ33f33dQ333X:4
Score

10^/10

evilquest backdoor execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Evilquest family
  evilquest
- Compromise Client Software Binary
  Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Compromise Host Software Binary

Create or Modify System Process

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorexecutionpersistence