evilquest | a5813b2f18f67165775d99da4cba5384dc3f8b4180b154d08c9a2c9303ae60f7 | Triage

Sharing

General

Target

2024-12-24_d7a65661cadb9d714d989370f2379004_adload_evilquest_rekoobe
Size

168KB
Sample

241224-ldhllstnbt
MD5

d7a65661cadb9d714d989370f2379004
SHA1

7dee87f865a6f27d8eb82f7333e03eb3da0064f1
SHA256

a5813b2f18f67165775d99da4cba5384dc3f8b4180b154d08c9a2c9303ae60f7
SHA512

3e842fcb9ad8ece36605f3cae202a0ef14a6cde7d0d309b61354d1a933757db64334aef5ccb2c423769c034e968d2f427967ecfa10b3a94138b7f8516c1561f2
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9//c0:5SeOQdaZNxtk8cqhSxvHY9//

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  2024-12-24_d7a65661cadb9d714d989370f2379004_adload_evilquest_rekoobe
- Size
  
  168KB
- MD5
  
  d7a65661cadb9d714d989370f2379004
- SHA1
  
  7dee87f865a6f27d8eb82f7333e03eb3da0064f1
- SHA256
  
  a5813b2f18f67165775d99da4cba5384dc3f8b4180b154d08c9a2c9303ae60f7
- SHA512
  
  3e842fcb9ad8ece36605f3cae202a0ef14a6cde7d0d309b61354d1a933757db64334aef5ccb2c423769c034e968d2f427967ecfa10b3a94138b7f8516c1561f2
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9//c0:5SeOQdaZNxtk8cqhSxvHY9//
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence