evilquest | 41acab1696f70c8e6261a51ca65b47cc35678f864821bd798251be8105297c1c | Triage

Sharing

General

Target

2024-12-23_e3f06a20013e5e8750cb4a707ac0bbc8_adload_evilquest_rekoobe
Size

168KB
Sample

241223-r48hlssngl
MD5

e3f06a20013e5e8750cb4a707ac0bbc8
SHA1

3ad9d9dae6cbcbb76c77d8fe34e88a1c5b856791
SHA256

41acab1696f70c8e6261a51ca65b47cc35678f864821bd798251be8105297c1c
SHA512

3f42a8ac24ab20b1ff21bdaf5c47ba6f5f95829c8d9164a911e9044f47506ff9c9c17bdf4ac0a633c494668462c1b711bde4d52e71ec634bc20e9be129949da1
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq96xpdELR0:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  2024-12-23_e3f06a20013e5e8750cb4a707ac0bbc8_adload_evilquest_rekoobe
- Size
  
  168KB
- MD5
  
  e3f06a20013e5e8750cb4a707ac0bbc8
- SHA1
  
  3ad9d9dae6cbcbb76c77d8fe34e88a1c5b856791
- SHA256
  
  41acab1696f70c8e6261a51ca65b47cc35678f864821bd798251be8105297c1c
- SHA512
  
  3f42a8ac24ab20b1ff21bdaf5c47ba6f5f95829c8d9164a911e9044f47506ff9c9c17bdf4ac0a633c494668462c1b711bde4d52e71ec634bc20e9be129949da1
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq96xpdELR0:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence