evilquest | 2a7a8064109e287ad883414e735095ff3fd2d29d31e899eadc57c3a336d995b9 | Triage

Submit
Reports

Overview

overview

Static

static

2024-12-29...ekoobe

macos-10.15-amd64

Sharing

General

Target

2024-12-29_1ab0e94ac2722b394cff6a3d2ffb095b_adload_evilquest_rekoobe
Size

168KB
Sample

241229-xcbbpavqhj
MD5

1ab0e94ac2722b394cff6a3d2ffb095b
SHA1

bb7f33c3d102bf23b491e9f54172589aff9e874b
SHA256

2a7a8064109e287ad883414e735095ff3fd2d29d31e899eadc57c3a336d995b9
SHA512

aea4a274f319bccac3a844bb8221ffbc9b47c75969e574deb7a3422acdf606c3ebbba5fa5ce0a5bb340e3d739e2f643fc79981c3f3167b77bf815561de182707
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9x0:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest backdoor evasion execution macos persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-12-29_1ab0e94ac2722b394cff6a3d2ffb095b_adload_evilquest_rekoobe

Resource

macos-20241106-en

evilquest backdoor evasion execution persistence

macos-10.15-amd64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-12-29_1ab0e94ac2722b394cff6a3d2ffb095b_adload_evilquest_rekoobe
- Size
  
  168KB
- MD5
  
  1ab0e94ac2722b394cff6a3d2ffb095b
- SHA1
  
  bb7f33c3d102bf23b491e9f54172589aff9e874b
- SHA256
  
  2a7a8064109e287ad883414e735095ff3fd2d29d31e899eadc57c3a336d995b9
- SHA512
  
  aea4a274f319bccac3a844bb8221ffbc9b47c75969e574deb7a3422acdf606c3ebbba5fa5ce0a5bb340e3d739e2f643fc79981c3f3167b77bf815561de182707
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9x0:5SeOQdaZNxtk8cqhSxvHY9
Score

10^/10

evilquest backdoor evasion execution persistence
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- Evilquest family
  evilquest
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
- Launch Daemon
  Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Launch Daemon

Privilege Escalation

Create or Modify System Process

Launch Agent

Launch Daemon

Defense Evasion

Hide Artifacts

Resource Forking

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestbackdoorevasionexecutionpersistence

© 2018-2025

Terms | Privacy