evilquest | 3b072080552c05a4636e485df3ddf12052c6b95cb2345b8380632ba55670de60 | Triage

Sharing

General

Target

2025-03-06_7f58e87fe5545f641fd34a8e23022181_adload_evilquest_rekoobe
Size

168KB
Sample

250306-vy2pnatvet
MD5

7f58e87fe5545f641fd34a8e23022181
SHA1

0ba1a70b086b09b75a10b1ab286ae59bf97c3cbf
SHA256

3b072080552c05a4636e485df3ddf12052c6b95cb2345b8380632ba55670de60
SHA512

5ec7d95537ae9ccbb3b670197e9fa55242ec2d3926addea0fb64ed188bc1dc4317f7f35d1d06377a7a3260781c111ffa57261fb271c7df92e1fac18e47cc773c
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9dS0:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest execution macos persistence

Malware Config

Targets

- Target
  
  2025-03-06_7f58e87fe5545f641fd34a8e23022181_adload_evilquest_rekoobe
- Size
  
  168KB
- MD5
  
  7f58e87fe5545f641fd34a8e23022181
- SHA1
  
  0ba1a70b086b09b75a10b1ab286ae59bf97c3cbf
- SHA256
  
  3b072080552c05a4636e485df3ddf12052c6b95cb2345b8380632ba55670de60
- SHA512
  
  5ec7d95537ae9ccbb3b670197e9fa55242ec2d3926addea0fb64ed188bc1dc4317f7f35d1d06377a7a3260781c111ffa57261fb271c7df92e1fac18e47cc773c
- SSDEEP
  
  3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9dS0:5SeOQdaZNxtk8cqhSxvHY9
Score

5^/10

execution persistence
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AppleScript

System Services

Launchctl

Persistence

Create or Modify System Process

Launch Agent

Privilege Escalation

Create or Modify System Process

Launch Agent

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence