evilquest | 2b3538b3cf576721086339dbd48f59fabf7e6124e3be52c45f027b82a31f9223 | Triage

Sharing

General

Target

2024-12-23_d87b6d5990eb7da66a092c00498567f2_adload_evilquest_rekoobe
Size

168KB
Sample

241223-24lzqatrgx
MD5

d87b6d5990eb7da66a092c00498567f2
SHA1

a6800777614f97b519fd0549c1a6a398462c5a03
SHA256

2b3538b3cf576721086339dbd48f59fabf7e6124e3be52c45f027b82a31f9223
SHA512

caf6487379bf8bc340e353fb70b9e3e7fab491e31ea93e92f0161acbe404430308bcce0c9917f7a5f2df9ced53570932529e69480e1a1400b875fb6cdc48f520
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9GQG0:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest evasion execution macos persistence

Malware Config

Targets

- Target
  
  2024-12-23_d87b6d5990eb7da66a092c00498567f2_adload_evilquest_rekoobe
- Size
  
  168KB
- MD5
  
  d87b6d5990eb7da66a092c00498567f2
- SHA1
  
  a6800777614f97b519fd0549c1a6a398462c5a03
- SHA256
  
  2b3538b3cf576721086339dbd48f59fabf7e6124e3be52c45f027b82a31f9223
- SHA512
  
  caf6487379bf8bc340e353fb70b9e3e7fab491e31ea93e92f0161acbe404430308bcce0c9917f7a5f2df9ced53570932529e69480e1a1400b875fb6cdc48f520
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9GQG0:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

evasion execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecutionpersistence