eternity | NightFarm V4[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NightFarm V4.exe
Size

1.1MB
MD5

68cf2278eea5f6863a3fd351713cdb08
SHA1

3cb83c51d352ff88659cca1961f6fba8a0cc34f7
SHA256

e5e12926465de550469cb6ef94c66d697e4c740f49b684867db991bd30367498
SHA512

64ae5be322be1e3ac4e83ea1646dfbe8160747d62281e4c6e68fda232ea74a1d361548f73220d137ee4f59d939f2cdd46734a461966335971b2ea67f67fd13f1
SSDEEP

12288:gTEYAsROAsrt/uxduo1jB0Y96qyIQFrC7ZgMuhDxRqXI84XZ24gUwk1cJFBTJt6/:gwT7rC6q/VUhDxRooXZrTqRsIv2+QV

Score

10^/10

stealer eternity

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
sample	disable_win_def

Detects Eternity stealer 1 IoCs

resource	yara_rule
sample	eternity_stealer

Eternity family
eternity

Files

NightFarm V4.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter0
Size: 450KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter1
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ