trojan.Evrial Cryptocurrency stealer

markusg
Posts: 733
Joined: Mon Mar 15, 2010 2:53 pm

trojan.Evrial Cryptocurrency stealer

Post by markusg » Wed Feb 21, 2018 7:14 pm

SHA-256
2816e869afc0bb09635c15d64f9fd1e6e02aaefc68fe227c454af302e6bb453a
File name
WinRar Setup (1).exe
https://www.virustotal.com/#/file/2816e ... /detection

fonavozia
Posts: 6
Joined: Wed Oct 14, 2015 12:14 pm

Re: trojan.Evrial Cryptocurrency stealer

Post by fonavozia » Fri Mar 02, 2018 2:23 pm

C&C moved to hxxps://projectevrial.com/login/.

fonavozia
Posts: 6
Joined: Wed Oct 14, 2015 12:14 pm

Re: trojan.Evrial Cryptocurrency stealer

Post by fonavozia » Fri Mar 16, 2018 7:58 am

C&C address is downloaded from hxxps://github.com/sevampir/evrial (hxxps://raw.githubusercontent.com/sevampir/evrial/master/LICENSE.md/evrial)

fonavozia
Posts: 6
Joined: Wed Oct 14, 2015 12:14 pm

Re: trojan.Evrial Cryptocurrency stealer

Post by fonavozia » Fri Mar 16, 2018 8:00 am

Sample in attachment (379aa4c0fe0e2027e76341e075321fa0).

ohdae
Posts: 1
Joined: Wed Sep 03, 2014 5:35 pm

Re: trojan.Evrial Cryptocurrency stealer

Post by ohdae » Tue Aug 07, 2018 2:24 pm

File: b2ac53ffa2ee13e30ff0a78208d4c9b28251c00a3cd7e5345a07cd8664b943b1
Size: 46080
MD5: 379aa4c0fe0e2027e76341e075321fa0
SHA1: 8940ea910db97a4ecff02bd95218a2add8d728ce
SHA256: b2ac53ffa2ee13e30ff0a78208d4c9b28251c00a3cd7e5345a07cd8664b943b1

Pretty basic YARA rule strings for this sample here as well:

	$name0 = "Evrial" ascii fullword
	$name1 = "Evrial.Hardware" ascii fullword
	$name2 = "Evrial.Cookies" ascii fullword

That's^ the bare minimum. I've left this hunting for a while, so I should have many more samples by EOD.
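
An added example, not part of the original post or the poster's rule: a pure-Python approximation of YARA's `ascii fullword` matching for the three strings above, run over constructed buffers. It shows that `$name0` also fires wherever `$name1` or `$name2` does (the `.` counts as a word delimiter) and that UTF-16 copies of the names are missed; the `any of them` / `all of them` conditions are assumptions, since the post gives only the strings.

```python
import re

# The three strings from the post above; each is declared `ascii fullword`.
RULE_STRINGS = {
    "$name0": b"Evrial",
    "$name1": b"Evrial.Hardware",
    "$name2": b"Evrial.Cookies",
}

ALNUM = rb"0-9A-Za-z"


def fullword_ascii(literal):
    """Approximate YARA `ascii fullword`: the literal must not be directly
    preceded or followed by an ASCII alphanumeric byte."""
    return re.compile(
        rb"(?<![" + ALNUM + rb"])" + re.escape(literal) + rb"(?![" + ALNUM + rb"])"
    )


PATTERNS = {name: fullword_ascii(lit) for name, lit in RULE_STRINGS.items()}


def matched_strings(data):
    """Return the identifiers of the rule strings that occur in `data`."""
    return {name for name, pat in PATTERNS.items() if pat.search(data)}


def verdict(data):
    """Evaluate two candidate conditions (assumed, not from the post)."""
    hits = matched_strings(data)
    return {
        "any of them": bool(hits),
        "all of them": hits == set(PATTERNS),
        "hits": sorted(hits),
    }


# Constructed buffers (not taken from any real sample).
SAMPLES = {
    "both_namespaces": b"\x00Evrial.Hardware\x00Evrial.Cookies\x00",
    "one_namespace": b"\x00Evrial.Cookies\x00",
    "embedded_word": b"\x00MyEvrialTool\x00",
    "utf16_only": "Evrial.Hardware".encode("utf-16-le"),
}

if __name__ == "__main__":
    for label, buf in SAMPLES.items():
        print(label, verdict(buf))
```

Because `$name0` is implied by either of the longer strings, it adds no selectivity under `all of them`, and under `any of them` it makes the rule match any file containing the bare word.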
