General

  • Target: Eclipse_Build_4.0.5.zip
  • Size: 13.5MB
  • Sample: 240403-xkts1ahf2t
  • MD5: e4b55c96f37f86819e1637003699784e
  • SHA1: eb1042fe53516cf26d5a761b4f00e4b30aadc1bb
  • SHA256: b00a7069076c898565c3e1c91567d9778005964638dd65644a4606f01719b2a9
  • SHA512: c7117a4b7022675fddc4bc2f05af0964ab2abc4fc3ed7c8b28b70f8c0fdad3df2fa69c0b1f472a69fc38fe3a675c1aacd5903a09f65d599ef910fe0f5e8cf0a8
  • SSDEEP: 196608:+DBpDU+dXTWKkjp4TnAPIhDf+1so3+dfJE/9hRDWPsTshVC3csQvAdJPCIfopnl7:MBpY+U7jYeADrz0KsTshVx4Jqwcuq

Malware Config

Targets

    • Target: Eclipse_Build_4.0.5.zip
    • Size: 13.5MB
    • MD5: e4b55c96f37f86819e1637003699784e
    • SHA1: eb1042fe53516cf26d5a761b4f00e4b30aadc1bb
    • SHA256: b00a7069076c898565c3e1c91567d9778005964638dd65644a4606f01719b2a9
    • SHA512: c7117a4b7022675fddc4bc2f05af0964ab2abc4fc3ed7c8b28b70f8c0fdad3df2fa69c0b1f472a69fc38fe3a675c1aacd5903a09f65d599ef910fe0f5e8cf0a8
    • SSDEEP: 196608:+DBpDU+dXTWKkjp4TnAPIhDf+1so3+dfJE/9hRDWPsTshVC3csQvAdJPCIfopnl7:MBpY+U7jYeADrz0KsTshVx4Jqwcuq

    Score: 1/10

    • Target: REALEcliptic_Build_4.0.5/ECLIPSE_4.0.5.exe
    • Size: 13.7MB
    • MD5: 75f5eb3c8a9f34c69149cf144a278095
    • SHA1: caec63bfc6ce14dd5edd1cabd463caf5c9269dde
    • SHA256: 834db83782f90973b957479a5f556622ea6def1490c3322e558729f7f5fd7821
    • SHA512: d436f430c7c20ab20f87170301986084114aa8963800b29643e53297caa088c0c4e6b2bc06b4a728b1e4dccd495d6d04e4943268418511d1189edcbde4d556fe
    • SSDEEP: 393216:2EkQE+z7P8AxYDLInEroXq14S24n8h/9Do3oru:2mzgXQErUlGq9DQoru

    Score: 7/10

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.


    • Target: REALEcliptic_Build_4.0.5/README.txt
    • Size: 3KB
    • MD5: 8259ca7eef39c42ed41d54e59be85851
    • SHA1: ea5435aa837f8f820cf17ef3810dda43b045a538
    • SHA256: 60fca2116ae45cf806e1e7f9be65f16ca559eb8e35624fcb75e19fdfb0e6cc73
    • SHA512: b0b162d1eb5baa457c502cd06436e7412f8f4940c7112ce4a3d23351ef0a3dad7ecc0452dfbc8cccbfa5a17412c9651f5769fdfcfc789375323ae7447c90af56

    Score: 1/10

    • Target: REALEcliptic_Build_4.0.5/bin/drawUi.dll
    • Size: 281KB
    • MD5: 19a137530140343516b062de921cf8a0
    • SHA1: 7bb80fec979b0f35288f5e7db00b5f78553eb433
    • SHA256: a7602caf28804eed07b682eacf6c9f31a0e89d5f05ba91578ca97126baa85f22
    • SHA512: 1894cac10367705fbbcdc6cff78525566efaa950cf251c8484697e7cbba441c2892b1a88effbcb7c240c3c29061ada1e348601bef8c77f124e8e4b3081fd43c2
    • SSDEEP: 6144:nBJcwigsUb7pvN+HwWL3RgcGRW9S6yK5Q0M+KM:BJcwHbVF+HwU33NyKx

    Score: 1/10

    • Target: REALEcliptic_Build_4.0.5/bin/glew32.dll
    • Size: 324KB
    • MD5: 7399bc6fcbcfe81b6437d37d45d27e00
    • SHA1: 254ac4f5e56cd5ce14d31f824de7949b09597c78
    • SHA256: 1ea8aedc46418e08aeabcb91c16fb4a0ab669924dd0a6071d143f13cd932a022
    • SHA512: bfffdd518b1a7a4890762e38861db465e187dc197aa6b02f2644ac798e0e03e6f6b2543e24e92e3a16a82ee3d9f795ff12845caf174b2d1b5f6800d7ae1941ea
    • SSDEEP: 6144:GzLQ5Ht2YVVlGSAkApyg8YifaTzaOAz7Du:6Q5HkUVzH

    Score: 3/10

    • Target: REALEcliptic_Build_4.0.5/config.cfg
    • Size: 252B
    • MD5: a3493d169d199224377f9c56bf480e72
    • SHA1: 0c6aa9694d5a9d729cc76f128f1fc9ac1f042d7c
    • SHA256: 69018e16bf06c80ff707ebf4cc10b03866acac14fc42eff982ff6fe94906bb95
    • SHA512: dee7b4cf599b9a179de27a68db732ab0bd343b3d0e2e733258cc371a058a316dca0b21ee40645fc4566f2a3e8dfe1fb06996b129974d8751f19a1a4cb102db25

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks