General
-
Target
Eclipse RAT.zip
-
Size
12.5MB
-
Sample
241029-2bkwys1eml
-
MD5
30364181c2174678b94d74fcbd16f89d
-
SHA1
640ca938cd1497f0f7bff46de48d9765949c4214
-
SHA256
eca49914c9c9dbaad9e8ee1aaccfecb0d88a6fd610c02fbf873935467b7bf114
-
SHA512
d916e950d80f95d4061b1be6ec829f93631aa92272545b79c46d8bc7f01ba72e84a6e6a38a47ee7cd6723547de7d2c71ecde389154aec5c0a0efd2fa55bf8652
-
SSDEEP
393216:2xDA4Ulx6CHtKlswnb1q8EptEW7Zb2KOyUbYVNK:IUlxHHGd/E75ZSKjNK
Static task
static1
Behavioral task
behavioral1
Sample
Eclipse RAT.zip
Resource
win10v2004-20241007-en
Malware Config
Extracted
rhadamanthys
https://95.214.55.177:2474/fae624c5418d6/black.api
Extracted
lumma
https://pillowbrocccolipe.shop/api
https://communicationgenerwo.shop/api
https://diskretainvigorousiw.shop/api
https://affordcharmcropwo.shop/api
https://dismissalcylinderhostw.shop/api
https://enthusiasimtitleow.shop/api
https://worryfillvolcawoi.shop/api
https://cleartotalfisherwo.shop/api
Targets
-
-
Target
Eclipse RAT.zip
-
Size
12.5MB
-
MD5
30364181c2174678b94d74fcbd16f89d
-
SHA1
640ca938cd1497f0f7bff46de48d9765949c4214
-
SHA256
eca49914c9c9dbaad9e8ee1aaccfecb0d88a6fd610c02fbf873935467b7bf114
-
SHA512
d916e950d80f95d4061b1be6ec829f93631aa92272545b79c46d8bc7f01ba72e84a6e6a38a47ee7cd6723547de7d2c71ecde389154aec5c0a0efd2fa55bf8652
-
SSDEEP
393216:2xDA4Ulx6CHtKlswnb1q8EptEW7Zb2KOyUbYVNK:IUlxHHGd/E75ZSKjNK
-
Lumma family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Rhadamanthys family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-