evilquest | d98ead3ebc459c6d7a22b2e740cd24afde84e17c3e0b9175da26cce96c752d44 | Triage

Sharing

General

Target

2024-12-23_e5c19993a212ec3e6de35d02a1af6e6f_adload_evilquest_rekoobe
Size

19.5MB
Sample

241223-24rvzatrg1
MD5

e5c19993a212ec3e6de35d02a1af6e6f
SHA1

5f6edb64e581e7f7a1c9c92f67cc8afe45994ecb
SHA256

d98ead3ebc459c6d7a22b2e740cd24afde84e17c3e0b9175da26cce96c752d44
SHA512

08c06e91e311b61e05dad473b8a4f4ff022556f905dc4faa54e5bbd823d6b2f5abe089dbd6b24fe3f35bed833e9f43e714ee1f65b5922eb553b99c2f4fea7bf0
SSDEEP

49152:U33dQ333dQ233dQ333dQ333dQ233dQk33dQ333dx33dQ333dQ233dQ333dQ333d+:+

Score

10^/10

evilquest backdoor execution macos persistence

Malware Config

Targets

- Target
  
  2024-12-23_e5c19993a212ec3e6de35d02a1af6e6f_adload_evilquest_rekoobe
- Size
  
  19.5MB
- MD5
  
  e5c19993a212ec3e6de35d02a1af6e6f
- SHA1
  
  5f6edb64e581e7f7a1c9c92f67cc8afe45994ecb
- SHA256
  
  d98ead3ebc459c6d7a22b2e740cd24afde84e17c3e0b9175da26cce96c752d44
- SHA512
  
  08c06e91e311b61e05dad473b8a4f4ff022556f905dc4faa54e5bbd823d6b2f5abe089dbd6b24fe3f35bed833e9f43e714ee1f65b5922eb553b99c2f4fea7bf0
- SSDEEP
  
  49152:U33dQ333dQ233dQ333dQ333dQ233dQk33dQ333dx33dQ333dQ233dQ333dQ333d+:+
Score

10^/10

evilquest backdoor execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Evilquest family
  evilquest
- Compromise Client Software Binary
  Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Compromise Host Software Binary

Create or Modify System Process

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Daemon

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorexecutionpersistence