184238497be5068f3544229b2d294552e4891248fc17468c85c2887118cea305

Sharing

Copy URL

Twitter E-mail

General

Target

Evon.zip
Size

8.9MB
Sample

230424-qde8psdf3s
MD5

87f8e8d7d8fd2d2300b53e47337844fe
SHA1

41d84565cfda11ee8061ea44295901b1757dd750
SHA256

184238497be5068f3544229b2d294552e4891248fc17468c85c2887118cea305
SHA512

ca1dcc6b332f550499746543c34b7e2faf9d6ac0400e9fdb50dca3028fd655906dce2d903acc318f5ba635d14dcc181c5ed93f350563be8db2e95c084584a2aa
SSDEEP

196608:mN4Pan3urJjuUub8CV3MGfYUp5w7kug9mSyBRT:W4in+r5lCV3nAUp53jy/

Score

6^/10

Malware Config

Targets

- Target
  
  Evon/Evon.dll
- Size
  
  5.2MB
- MD5
  
  ba2cb86836a523d0222d1b6d196df10b
- SHA1
  
  048afc664496513e65e19d8a78a7f7268cd9b877
- SHA256
  
  9bce7d3774c8aef1246668a32820c65feafa2adf96741042e3f0de2159ea15ae
- SHA512
  
  e5698dca580303f459d7814d8ed211c25b8faf71ddec02f175971b73ebdd546e705facaf91bd0c879a78554f5008b456442d1ff1c1a691b06d2b94fcace59148
- SSDEEP
  
  49152:sb86snt+LAKcEktNeOheMktSJOlfGw2PS7p06UL/7V1WIB9cp/cXTtjfY56TKkvI:6C1K8tNve18CUCcXTFY56ekyQv3TOG2
Score

3^/10
behavioral1 behavioral2
- Target
  
  Evon/Evon.exe
- Size
  
  6.4MB
- MD5
  
  8a3a3c1c0ff62fab204c8e6e76e477a7
- SHA1
  
  50fde23d977cc384eec65b4dc20e6c76749a1208
- SHA256
  
  b5d324e31f58cb59eaeecbbb4f743ca474f7acefd1326ded5ae2c77866f55238
- SHA512
  
  20705142e476d7ee1f3d6133020a74b42fcb12c1513b4d4ef28ca254226802a6926b90dcf18f673af47b964ceca7a26674307ecf5500b4e41a7a047a31718169
- SSDEEP
  
  98304:6FmsG+4eOpS9qWNXNgCp6aGBwHCcmmxVA5/xDnLx0yu+5TpUz:yDGw9f92CnPhATd0yHg
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  Evon/FluxAPI.dll
- Size
  
  11KB
- MD5
  
  60f8e832977ab6140acb1896a1c12391
- SHA1
  
  fb6f45bc5c4342743857bf19165aea929d36353b
- SHA256
  
  792ae8b73f73238226003db6ec36335c06ed45b4d4342ff0140fd0cffab59288
- SHA512
  
  b706617061651a6e2959a58464bc801600c5a86fdbc2623f0fc7c6ce5ee0d8edf73c8e27aaa6883589c7a4d105f03c9fdfbc241b07bfc304a91c87dcffc2682b
- SSDEEP
  
  192:QhEIJ5RMCUuFMLpilJnp5GwuAN15+T390Az60J7j0Fsn3Xa6:QhEo0CUAgilJnp5j15+T3bn
Score

1^/10
behavioral5 behavioral6
- Target
  
  Evon/KrnlAPI.dll
- Size
  
  1.2MB
- MD5
  
  a83cc237d1329855e712d9a07fb3f3dd
- SHA1
  
  234561d33898d389c39c3fe9bff4ce9f6d10bc2b
- SHA256
  
  ed9df0bcf596f971863cdf49e7ed77754b3f088876e3d008f2a9f995d6776eb4
- SHA512
  
  90cf5f703f74802472fd3c9a1c8d0cfe767bfe4d82d31cd0a13ed86eec058272c7552079c30eb1d8bd2b4717802db9e6700144c29f23f99c1b64eb22fb21dfa6
- SSDEEP
  
  24576:6/DatK7f4Im/2dF989RLRXNlDeb1i9JyxAme3MpZp:62Of98zLRXNlDdJyxzCM/p
Score

1^/10
behavioral7 behavioral8
- Target
  
  Evon/Oxygen API.dll
- Size
  
  291KB
- MD5
  
  e9034685deb48ee57d574239573d7196
- SHA1
  
  5a4c0b346a7fe5e2c7624d86426c40819bf8cacb
- SHA256
  
  f4c75595e44dcdbbade39a477540f0de2656abf10a02bcbbcd8c05e8bd432bda
- SHA512
  
  b9d8b84b1dbd3b597e1e1831516b71c2f0d658e2a69977f4eb2bb3581a7fbd5d9554640a7a2b5fee229a224f265102707cfd708f244ca582b1d62d6c9de8dd00
- SSDEEP
  
  6144:kgaRZVLlfh7rZthO+JjkuHEEAt/wz/60baxHU6b:kgoZdfrXg+JwuKt/S/605
Score

1^/10
behavioral10 behavioral9
- Target
  
  Evon/runtimes/win-arm64/native/WebView2Loader.dll
- Size
  
  121KB
- MD5
  
  7859ad0be804d099721ba1de240356ba
- SHA1
  
  05cfac82e453f9f010e122f66b864155c24fe125
- SHA256
  
  8d60fe3a3bc71335422aec54f178c328360d045fe107e06ee4314fb27b97913e
- SHA512
  
  a2bf6b6965769dbc827c13f1480716f542d54581415b2e7125f9817023f0680fd59b9e3598abfd08316a80e20cd351dbfc6b5d5600d5f232d2bc312f24ecd338
- SSDEEP
  
  1536:Fl7DTqP7CTLVRNrL2r0oyx2dfHKxWvOossWrdHTzcHEtJewMpQi5l:FlmaLVRNudikGoEHTUEtAryiz
Score

1^/10
behavioral11 behavioral12
- Target
  
  Evon/runtimes/win-x64/native/WebView2Loader.dll
- Size
  
  134KB
- MD5
  
  3d9b43a2c4cd54902f418f5a0f68454e
- SHA1
  
  244ef7c672659d4201b38e288f16e29e52ffbe4b
- SHA256
  
  398067e286fba58e3ea2e5aaace0e17b17367fcbe8f6087ed10817737aefbc12
- SHA512
  
  d8802ed37324c9c1f9c81fde5ff1e964fceeaf30ea42b35eda621f9c9bdf46dfd811945595e219619557521446b29423d0b2cd7276d074fd88a1fd2095c48e1f
- SSDEEP
  
  3072:Q1Ua32yCHjjTrxvJ7KP+6hJug3esZTEEtnDzUwsramu86n:omyCDj31JGW6fCEt0Tir
Score

3^/10
behavioral13 behavioral14
- Target
  
  Evon/runtimes/win-x86/native/WebView2Loader.dll
- Size
  
  104KB
- MD5
  
  9a5b63400b8f9758469627bbda1adad2
- SHA1
  
  4e14ff901760ac79879bd2a9d0f16e36999025fd
- SHA256
  
  464c49461f856c6d4ea995122e47825e7b600b88ff78c0592f56599cabd58084
- SHA512
  
  4108062abfbea5dd58e07e3dd504b23475bf098227fef50b9e849a747abd7acbff07669ef628d6937d118d3d379656c8145e0d726a52ecc2b12ec7a698e61014
- SSDEEP
  
  3072:PGlw6Jjqkv4KDRq5HdHHSWZqocPVTTEtOIp87eP3MlN:PG66hdcHdi7Et3pigclN
Score

3^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16