evilquest | ec520e951eebf4e7193b7279c460d7aeec4d44cc463e6bf5200c86c05d793cff | Triage

Sharing

General

Target

2024-12-23_1e096e830e4491cd79c35a0c46850f39_adload_evilquest_rekoobe
Size

1.8MB
Sample

241223-216jystrbv
MD5

1e096e830e4491cd79c35a0c46850f39
SHA1

3700d9aab3aa1ca3064ac15d822da2794da69e6c
SHA256

ec520e951eebf4e7193b7279c460d7aeec4d44cc463e6bf5200c86c05d793cff
SHA512

61f9780f6862be308373e76ad850f6c62a8572d2e8196a5e9f0c72f134c6646ed5eb60fc9c78848ed1172e5580ea6d34da177f2ed4b2b766f79405b37f794416
SSDEEP

6144:UtjZtjZtjvtjGtjZtjZtjZtjvtjGtjGtjZtjZtjvtjGtjZtjZtjZtjvttbSjIVg5:U33dQ333dQk33dQ333d7GGcTN

Score

10^/10

evilquest backdoor execution macos persistence

Malware Config

Targets

- Target
  
  2024-12-23_1e096e830e4491cd79c35a0c46850f39_adload_evilquest_rekoobe
- Size
  
  1.8MB
- MD5
  
  1e096e830e4491cd79c35a0c46850f39
- SHA1
  
  3700d9aab3aa1ca3064ac15d822da2794da69e6c
- SHA256
  
  ec520e951eebf4e7193b7279c460d7aeec4d44cc463e6bf5200c86c05d793cff
- SHA512
  
  61f9780f6862be308373e76ad850f6c62a8572d2e8196a5e9f0c72f134c6646ed5eb60fc9c78848ed1172e5580ea6d34da177f2ed4b2b766f79405b37f794416
- SSDEEP
  
  6144:UtjZtjZtjvtjGtjZtjZtjZtjvtjGtjGtjZtjZtjvtjGtjZtjZtjZtjvttbSjIVg5:U33dQ333dQk33dQ333d7GGcTN
Score

10^/10

evilquest backdoor execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Evilquest family
  evilquest
- Compromise Client Software Binary
  Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Compromise Host Software Binary

Create or Modify System Process

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorexecutionpersistence