MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca6c95fc4f633ab46b64d86c2cd0b5decdd23f926065a952a192ca204d153801. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ca6c95fc4f633ab46b64d86c2cd0b5decdd23f926065a952a192ca204d153801
SHA3-384 hash: 8eb6c0a16eea5867d90f8c5ef6ba041a0544342c41e66e4431f9f329f45b5534ef50f6d92308270b7a70889988487c5e
SHA1 hash: cf122ea694934f0675ff409db0d8eecf8aaadb05
MD5 hash: d6a572b8b4b9dd892d66ece69d364a3e
humanhash: july-connecticut-four-red
File name:EighteyesLauncher.exe
Download: download sample
File size:93'538'262 bytes
First seen:2026-06-14 13:12:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b34f154ec913d2d2c435cbd644e91687 (587 x GuLoader, 130 x RemcosRAT, 84 x EpsilonStealer)
ssdeep 1572864:j52/TWa5JwYknCenvqUXsc9TI0p7+/gA+FzdN6V9jWlSaW5sazgd6:j25mCG1e2i/gtd3s9jc+sMQ6
TLSH T1FC28331817C8CE1AD1C3983B3AFF52A199F01A2B5340BD9B2B79EF57925C4FE4438466
TrID 50.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
10.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.5% (.EXE) Win64 Executable (generic) (6522/11/2)
8.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.2% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon cc96cc5555cc96cc
Reporter MidasRX
Tags:electron exe NovaBlight NovaShadow Potentially RAT stealer


Avatar
MidasRX
Find on https://nightastral.fr/

Intelligence

File Origin
# of uploads :
1
# of downloads :
193
Origin country :
FR FR
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/7d6b7b07-a229-4cb1-8f2d-5915935f47d7/
Malware family:
n/a
ID:
1
File name:
EighteyesLauncher.exe
Verdict:
Malicious activity
Analysis date:
2026-06-14 13:11:32 UTC
Tags:
evasion possible-phishing
Link:
https://app.any.run/tasks/8e4adc34-9b89-4ffd-9c10-9652c479ce20

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a2ea850a15110463ee5bb3f
Tags:
extens shell sage
Result
Verdict:
Clean
Maliciousness:

Behaviour
Connection attempt
Creating a file in the %temp% subdirectories
Creating a window
Сreating synchronization primitives
Searching for synchronization primitives
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm evasive fingerprint fingerprint installer installer installer-heuristic keylogger microsoft_visual_cc nsis packed reconnaissance
Link:
https://www.filescan.io/uploads/6a2ea8ff1f652d68657ee561/reports/1498863e-2802-47f5-9a48-7852c608b439/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/ca6c95fc4f633ab46b64d86c2cd0b5decdd23f926065a952a192ca204d153801
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-06-13T12:47:00Z UTC
Last seen:
2026-06-15T02:39:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan.Win32.Alien.gen HEUR:Trojan.Script.Generic
Link:
https://opentip.kaspersky.com/ca6c95fc4f633ab46b64d86c2cd0b5decdd23f926065a952a192ca204d153801/results?tab=lookup
Score:
88%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/ca6c95fc4f633ab46b64d86c2cd0b5decdd23f926065a952a192ca204d153801
Gathering data
Verdict:
Malicious
Threat:
Trojan.Win32.Alien
Link:
https://tip.neiki.dev/file/ca6c95fc4f633ab46b64d86c2cd0b5decdd23f926065a952a192ca204d153801
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zjwjl7cpmm5li23e3bwczufv33g5ep4smbs2suvbslfcativhaaq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery execution
Link:
https://tria.ge/reports/260614-qgc8hsds6v/
Behaviour
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ca6c95fc4f633ab46b64d86c2cd0b5decdd23f926065a952a192ca204d153801

(this sample)

  
Link
https://www.threat.rip/file/ca6c95fc4f633ab46b64d86c2cd0b5decdd23f926065a952a192ca204d153801
  
Delivery method
Distributed via web download

Comments