
Evrial Trojan

By GoldSparrow in Trojans

Threat Scorecard

Ranking: 3,362
Threat Level: 20 % (Normal)
Infected Computers: 129
First Seen: August 16, 2023
Last Seen: September 21, 2023
OS(es) Affected: Windows

The Evrial Trojan is an information-stealing Trojan developed by a hacker known as 'qutra' and sold as a service on Dark Web forums. PC security researchers observed ads, aimed at Russian-speaking hackers, offering the Evrial Trojan for the ruble equivalent of roughly 30 USD, paid in Bitcoin; purchasers are then given access to the Evrial Trojan's services. The Evrial Trojan is based on the Ovidiy Stealer. Its most important feature is its ability to modify clipboard content, which it does more effectively than most comparable 'clipper' Trojans (it is not ransomware: it steals data and redirects payments rather than encrypting files). Combined with its data collection features and the Web panel through which its operators control it, this lets the con artists both extract data from the affected computer and redirect the victim's payments to themselves.

Why the Evrial Trojan Infects a Computer

The people who purchase access to the Evrial Trojan project receive a building kit that lets them build a custom version of the Evrial Trojan for their own use. They can then distribute the Evrial Trojan in a variety of ways, such as spam email messages or by hacking into the targeted computer directly. Once the people operating the Evrial Trojan manage to sneak this threat onto the victim's computer, the Trojan installs itself and modifies the Windows Registry so that it runs automatically whenever Windows starts up. The Evrial Trojan's purpose is to collect data from the infected computer, which it does in a variety of ways, including the following:

  • The Evrial Trojan can be used to gather files from the victim's computer and transfer them to the cybercrooks' servers.
  • The Evrial Trojan can be used to take screenshots of the infected computer.
  • The Evrial Trojan can be used to collect login and password information from various applications, which may include the most commonly used Web browsers, as well as FTP software or instant messaging software on the infected computer.

The Evrial Trojan’s Clipboard Modification Feature

The Evrial Trojan monitors the content that is copied to the infected computer's clipboard, scanning it for strings that look like payment destinations, such as cryptocurrency wallet addresses, money transfer account identifiers, and Steam trade offer links. When the Evrial Trojan detects one of these strings, it applies substitution rules obtained from the Web panel that controls it remotely and replaces the string with one belonging to the cybercrooks, for example swapping the intended cryptocurrency wallet address for the attackers' own. The tactic works because these destinations are long strings that nobody memorizes or types by hand: they are copied and pasted, and few victims compare what they pasted with what they copied. The victim then, without being aware, transfers money to the cybercrooks' wallet or carries out another operation that benefits the Trojan's controllers. The Evrial Trojan targets numerous money transfer methods, cryptocurrencies, and even Steam trades with this tactic, and because the cybercrooks can edit the substitution rules to suit their needs, the Evrial Trojan is particularly effective at it.
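The following Python is an added illustration of the clipper tactic described above and of the corresponding user-side check; it is not the Evrial Trojan's code and not taken from the page. It simulates the substitution rules a clipper applies to clipboard text (the rule set, the wallet addresses and the trade link are constructed placeholders, not indicators tied to Evrial) and then shows the check a defender wants: compare the destination that was copied with the one that actually landed in the target field. The address patterns are the public Bitcoin legacy, Ethereum and Steam trade offer formats; the rest is assumed for the example.

```python
import re
import sys
from dataclasses import dataclass

# Recognizers for the kinds of payment destinations a clipper hunts for in
# clipboard text. Patterns are the standard public formats; everything else
# in this file (rules, sample values) is constructed for the example.
RECOGNIZERS = {
    "bitcoin_legacy": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "ethereum": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    "steam_trade_offer": re.compile(
        r"https://steamcommunity\.com/tradeoffer/new/\?partner=\d+&token=[A-Za-z0-9_-]+"),
}


@dataclass(frozen=True)
class SwapRule:
    kind: str          # key into RECOGNIZERS: what the victim copied
    replacement: str   # attacker-controlled destination substituted for it


# Constructed attacker rule set, standing in for the rules a real clipper
# fetches from its Web panel. The destinations are made-up placeholders.
ATTACKER_RULES = [
    SwapRule("bitcoin_legacy", "1AttackerAddrABCDEFGHJKMNPQRSTUVW"),
    SwapRule("ethereum", "0x" + "dead" * 10),
    SwapRule("steam_trade_offer",
             "https://steamcommunity.com/tradeoffer/new/?partner=1&token=attacker1"),
]


def apply_clipper_rules(clipboard_text, rules=ATTACKER_RULES):
    """Simulate the clipper: rewrite every recognised destination in the text.
    Returns (rewritten_text, list of rule kinds that fired)."""
    fired = []
    out = clipboard_text
    for rule in rules:
        out, hits = RECOGNIZERS[rule.kind].subn(rule.replacement, out)
        if hits:
            fired.append(rule.kind)
    return out, fired


def find_destinations(text):
    """Map each recogniser name to the set of destinations found in text."""
    return {kind: set(p.findall(text)) for kind, p in RECOGNIZERS.items()}


def clipboard_swapped(copied, pasted):
    """Defender-side check: compare the destinations the user copied with those
    that actually arrived in the target field. Returns {kind: (before, after)}
    for every kind whose value changed; an empty dict means nothing was swapped."""
    before, after = find_destinations(copied), find_destinations(pasted)
    return {k: (before[k], after[k]) for k in RECOGNIZERS if before[k] != after[k]}


def read_clipboard_windows():
    """Read CF_UNICODETEXT from the real Windows clipboard through user32/kernel32
    (ctypes). Returns None on other platforms or when the clipboard holds no text.
    Poll this after a copy and feed the result to clipboard_swapped()."""
    if sys.platform != "win32":
        return None
    import ctypes
    CF_UNICODETEXT = 13
    user32, kernel32 = ctypes.windll.user32, ctypes.windll.kernel32
    user32.GetClipboardData.restype = ctypes.c_void_p
    kernel32.GlobalLock.argtypes = [ctypes.c_void_p]
    kernel32.GlobalLock.restype = ctypes.c_void_p
    kernel32.GlobalUnlock.argtypes = [ctypes.c_void_p]
    if not user32.OpenClipboard(None):
        return None
    try:
        handle = user32.GetClipboardData(CF_UNICODETEXT)
        if not handle:
            return None
        ptr = kernel32.GlobalLock(handle)
        try:
            return ctypes.wstring_at(ptr)
        finally:
            kernel32.GlobalUnlock(handle)
    finally:
        user32.CloseClipboard()


if __name__ == "__main__":
    # Constructed victim clipboard contents.
    copied = "Pay 0.5 BTC to 1VictimAddrABCDEFGHJKMNPQRSTUVWXY before Friday"
    pasted, fired = apply_clipper_rules(copied)
    print("rules fired:", fired)
    print("pasted text:", pasted)
    print("swap detected:", clipboard_swapped(copied, pasted))
```

The check is only useful if the "copied" side is captured from somewhere the clipper cannot touch, for example the address shown on the recipient's own page or a hardware wallet display; comparing the clipboard with itself after the swap proves nothing. Regardless of tooling, the practical rule is the same: read back the pasted address or trade link against the original before confirming a transfer.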

Protecting Your Computer from Threats Like the Evrial Trojan

The Evrial Trojan can be difficult to detect, since an infected computer shows few visible changes in how it works. The Evrial Trojan often runs as an executable file named '2lexf3zueyw.exe'. It runs in the background and may be accompanied by a rootkit or other component designed to make it difficult to detect and remove. The best protection against threats like the Evrial Trojan is a security program that is fully up to date. Apart from this, computer users should take reasonable precautions against the main distribution vectors associated with threats like the Evrial Trojan, namely spam email messages and direct installation over compromised Remote Desktop Protocol connections, and should verify a pasted wallet address or payment link against the original before confirming any transfer.

