General
-
Target
Evon.exe
-
Size
52KB
-
Sample
230312-crra8sed2w
-
MD5
326b50636f19b2ea3226f15fdb9f6e44
-
SHA1
d66be7e3bce5d043ac5fe7a898cfdc20bedf9a26
-
SHA256
f425f5f3ba57958f3a79c9a3665d504d5dbb0e8bf2c657e67e929daf7f1b9cde
-
SHA512
b50663e989a96c2f85c64f55e5329af9d53992d9cfcc99227d928bf799fb3f4cc5f874dca816f98167053599e47679cda9d94daedb455ddb7c0eeffedcdc9c11
-
SSDEEP
768:kKPghIL7FpN+jiTHPivg8YbjggxWmUevEgK/JSIPzZVc6KN:9PxNTjzb8AW9enkJpPzZVclN
Behavioral task
behavioral1
Sample
Evon.exe
Resource
win7-20230220-en
Malware Config
Extracted
asyncrat
1.0.7
Default
127.0.0.1:8848
127.0.0.1:33901
127.0.0.1:33902
spring-consultation.at.ply.gg:8848
spring-consultation.at.ply.gg:33901
spring-consultation.at.ply.gg:33902
DcRatMutex_qwqdanchun
-
delay
1
-
install
true
-
install_file
Evon.exe
-
install_folder
%AppData%
Targets
-
Async RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-