eternity | ToxiaFarm[.]rar | Triage

Sharing

General

Target

ToxiaFarm.rar
Size

627KB
MD5

907b06ef17ffccdf1c34c31417b4c002
SHA1

565279cb35c892084b637864b920a67d1abea93a
SHA256

118591dd7d5de350121cf23756b1a8dd2d57498bcf105129d6e24613bf4f910e
SHA512

bf82c79b1d9d0725a0a59f81961ce1dc69bb4ff5d3963238b33f4010938b87c589c919a6f24b1aa970a905d2026180c0b886cb27a5c7b22fe5015473f0599b41
SSDEEP

12288:ZQ+/+pf0LsWtNbYBItF+bJT4WRKPuqAOUy8vWzXiymhwtPV0J7qmYDTtL1DbpMN/:FjsWNYGz+baw1vuXiymuV8qBHpMcRC

Score

10^/10

stealer eternity

Malware Config

Signatures

Detects Eternity stealer 1 IoCs

resource	yara_rule
static1/unpack001/ToxiaFarm/Toxia.exe	eternity_stealer

Eternity family
eternity

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ToxiaFarm/Toxia.exe

Files

ToxiaFarm.rar
.rar
ToxiaFarm/Toxia.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter0
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter1
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ