evilquest | 25c8ab5a1919760c7c50f5887ad676cde36af087a81f08d97cf52a901e15c432 | Triage

Sharing

General

Target

2024-12-25_4014c48d92c9ff893f9f82db94671fa5_adload_evilquest_rekoobe
Size

168KB
Sample

241225-mtk74ssldm
MD5

4014c48d92c9ff893f9f82db94671fa5
SHA1

2841129b902f3221896cae909dfb662034a93d8b
SHA256

25c8ab5a1919760c7c50f5887ad676cde36af087a81f08d97cf52a901e15c432
SHA512

9eb4e894aaadff981c1fa09f899b6adbac11d79becf1e310096bcbc73535f2617fa02fd9170d9eb76deb9cc2066d7fc92ce3c5265dd2717f4b2f5165fd5045f5
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9t0:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest evasion execution macos persistence

Malware Config

Targets

- Target
  
  2024-12-25_4014c48d92c9ff893f9f82db94671fa5_adload_evilquest_rekoobe
- Size
  
  168KB
- MD5
  
  4014c48d92c9ff893f9f82db94671fa5
- SHA1
  
  2841129b902f3221896cae909dfb662034a93d8b
- SHA256
  
  25c8ab5a1919760c7c50f5887ad676cde36af087a81f08d97cf52a901e15c432
- SHA512
  
  9eb4e894aaadff981c1fa09f899b6adbac11d79becf1e310096bcbc73535f2617fa02fd9170d9eb76deb9cc2066d7fc92ce3c5265dd2717f4b2f5165fd5045f5
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9t0:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

evasion execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecutionpersistence