FireEye describes EASYNIGHT is a loader observed used with several malware families, including HIGHNOON and HIGHNOON.LITE. The loader often acts as a persistence mechanism via search order hijacking.
Examples include a patched bcrypt.dll with no other modification than an additional import entry, in the observed case "printwin.dll!gzwrite64" (breaking the file signature).
There is no Yara-Signature yet.
If your designated proposal does not fit in any other category,
feel free to write a free-text in the comment field below.
Please propose all changes regarding references on the Malpedia library page
Your suggestion will be reviewed before being published.
Thank you for contributing!