General

  • Target

    Evon.exe

  • Size

    52KB

  • Sample

    230312-crra8sed2w

  • MD5

    326b50636f19b2ea3226f15fdb9f6e44

  • SHA1

    d66be7e3bce5d043ac5fe7a898cfdc20bedf9a26

  • SHA256

    f425f5f3ba57958f3a79c9a3665d504d5dbb0e8bf2c657e67e929daf7f1b9cde

  • SHA512

    b50663e989a96c2f85c64f55e5329af9d53992d9cfcc99227d928bf799fb3f4cc5f874dca816f98167053599e47679cda9d94daedb455ddb7c0eeffedcdc9c11

  • SSDEEP

    768:kKPghIL7FpN+jiTHPivg8YbjggxWmUevEgK/JSIPzZVc6KN:9PxNTjzb8AW9enkJpPzZVclN

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:33901

127.0.0.1:33902

spring-consultation.at.ply.gg:8848

spring-consultation.at.ply.gg:33901

spring-consultation.at.ply.gg:33902

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    true

  • install_file

    Evon.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Evon.exe

    • Size

      52KB

    • MD5

      326b50636f19b2ea3226f15fdb9f6e44

    • SHA1

      d66be7e3bce5d043ac5fe7a898cfdc20bedf9a26

    • SHA256

      f425f5f3ba57958f3a79c9a3665d504d5dbb0e8bf2c657e67e929daf7f1b9cde

    • SHA512

      b50663e989a96c2f85c64f55e5329af9d53992d9cfcc99227d928bf799fb3f4cc5f874dca816f98167053599e47679cda9d94daedb455ddb7c0eeffedcdc9c11

    • SSDEEP

      768:kKPghIL7FpN+jiTHPivg8YbjggxWmUevEgK/JSIPzZVc6KN:9PxNTjzb8AW9enkJpPzZVclN

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
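
    The extracted config and the behaviour signatures above give everything needed for a host-side hunt. The script below is an added example, not part of the sandbox report or of any Triage tooling: it turns the C2 hostname and ports, the mutex, the install path and the SHA256 into a detection pass over constructed telemetry (the event schema and sample events are invented for the demo). Two caveats a practitioner should carry over: the three 127.0.0.1 entries in the C2 list are loopback and useless as network indicators, so the script drops them rather than alerting on localhost traffic; and spring-consultation.at.ply.gg is a playit.gg tunnel endpoint, so the hostname, not whatever IP it resolves to at analysis time, is the durable indicator. Port 8848 is the AsyncRAT default listen port, and DcRatMutex_qwqdanchun is the stock DcRat mutex, which suggests a DcRat-derived build classified under the asyncrat family.

```python
"""Hunt for this sample's indicators in host telemetry.

Added example, not part of the sandbox report: it turns the extracted
AsyncRAT config and behaviour signatures into a small detection pass.
The event schema and the sample events below are constructed for the demo.
"""
import re
from collections import defaultdict

# Indicators lifted from the extracted config and file hashes in the report.
C2_HOST = "spring-consultation.at.ply.gg"
C2_PORTS = {8848, 33901, 33902}
MUTEX = "DcRatMutex_qwqdanchun"
SHA256 = "f425f5f3ba57958f3a79c9a3665d504d5dbb0e8bf2c657e67e929daf7f1b9cde"
# install_folder is %AppData%, which expands to <profile>\AppData\Roaming on Windows.
INSTALL_PATH_RE = re.compile(r"\\AppData\\Roaming\\Evon\.exe$", re.IGNORECASE)
# The 127.0.0.1 C2 entries are loopback: dropped explicitly so they never alert.
LOOPBACK = {"127.0.0.1"}


def match_event(ev: dict) -> list[str]:
    """Return the indicator names a single event matches (empty list if none)."""
    hits = []
    kind = ev.get("type")
    if kind == "network_connect":
        host = (ev.get("dest_host") or "").lower()
        if host in LOOPBACK:
            return hits
        if host == C2_HOST:
            # Hostname alone is a hit; hostname plus a configured port is a stronger one.
            hits.append("c2_host_port" if ev.get("dest_port") in C2_PORTS else "c2_host")
    elif kind == "file_create":
        if INSTALL_PATH_RE.search(ev.get("path", "")):
            hits.append("install_path")
        if (ev.get("sha256") or "").lower() == SHA256:
            hits.append("known_hash")
    elif kind == "mutex_create":
        if ev.get("name") == MUTEX:
            hits.append("mutex")
    return hits


def hunt(events) -> dict[int, set[str]]:
    """Group indicator hits by process id so one process's behaviour is scored together."""
    hits_by_pid = defaultdict(set)
    for ev in events:
        for name in match_event(ev):
            hits_by_pid[ev["pid"]].add(name)
    return dict(hits_by_pid)


def verdict(hits_by_pid: dict[int, set[str]]) -> set[int]:
    """Flag a process on a hash match alone, or on two independent behavioural indicators.

    The two-indicator rule keeps a lone %AppData% write or a single DNS lookup
    from paging anyone; a repacked build changes the hash but not the behaviour.
    """
    flagged = set()
    for pid, names in hits_by_pid.items():
        if "known_hash" in names or len(names - {"known_hash"}) >= 2:
            flagged.add(pid)
    return flagged


# Constructed telemetry: one process mimicking the report's behaviour plus benign noise.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4120, "image": r"C:\Users\alice\Downloads\Evon.exe"},
    {"type": "file_create", "pid": 4120, "path": r"C:\Users\alice\AppData\Roaming\Evon.exe", "sha256": SHA256},
    {"type": "mutex_create", "pid": 4120, "name": "DcRatMutex_qwqdanchun"},
    {"type": "network_connect", "pid": 4120, "dest_host": "127.0.0.1", "dest_port": 8848},
    {"type": "network_connect", "pid": 4120, "dest_host": "spring-consultation.at.ply.gg", "dest_port": 8848},
    {"type": "network_connect", "pid": 880, "dest_host": "update.example.com", "dest_port": 443},
    {"type": "file_create", "pid": 880, "path": r"C:\Users\alice\AppData\Roaming\notes.txt", "sha256": "00" * 32},
]

if __name__ == "__main__":
    by_pid = hunt(SAMPLE_EVENTS)
    for pid in sorted(by_pid):
        print(pid, sorted(by_pid[pid]))
    print("flagged:", sorted(verdict(by_pid)))
```

    Run stand-alone it reports pid 4120 with all four indicator classes and flags only that process; the benign process 880 writes to the same %AppData% folder and talks to the network but matches nothing. To use it against real data, map your Sysmon or EDR events onto the four event types (mutex creation is not something Sysmon logs, so that field depends on the EDR) and keep the loopback filter.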

MITRE ATT&CK Enterprise v6

Tasks