MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee18d3656bac82951e19916f74a90ae41e4f9d34c53674dcb8a7fb85a5641d0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee18d3656bac82951e19916f74a90ae41e4f9d34c53674dcb8a7fb85a5641d0b
SHA3-384 hash: 35ab8f004b18e20f53f1f847bc302928be98382f76bf7b70c1ce3dd133eb74794c6f5b7276f7738a526ba41c7f83a20f
SHA1 hash: 0e80e877ee76dba1feafcc88c0fb1496e276ca88
MD5 hash: cf7cf5808e2848d51267879ff2ed100d
humanhash: mockingbird-skylark-oklahoma-queen
File name:eclipse.exe
Download: download sample
File size:86'113'536 bytes
First seen:2025-12-03 13:26:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 764090509664248d5254caeebe1e7af5
ssdeep 393216:Q9FZH1IL4xeG3pkiJzZstF9dmQQu+iOwUiTZI7FrKNx+4AshdaXmc+7jy464j1iJ:QZH1RHugrIjdIDVNQr8FyRhYpgPVlcmE
TLSH T14F187D5263A609D6F9F79A348AE65213D673BC063F3082CF324C176A1F736E04976B61
TrID 48.7% (.EXE) Win64 Executable (generic) (10522/11/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter burger
Tags:exe signed stealer

Code Signing Certificate

Organisation:NVIDIA Corporation
Issuer:NVIDIA Corporation
Algorithm:sha256WithRSAEncryption
Valid from:2025-12-01T21:38:30Z
Valid to:2030-12-01T21:48:30Z
Serial number: 53c3e21af26ad6a34610c03881eba012
Thumbprint Algorithm:SHA256
Thumbprint: 52e3f62852665e7b5d8147818d157fd2749d611ebec8217908ed740811614b50
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
NL NL
Vendor Threat Intelligence
Details
No details
Malware family:
n/a
ID:
1
File name:
saylen.exe
Verdict:
Malicious activity
Analysis date:
2025-12-03 13:16:08 UTC
Tags:
stealc stealer anti-evasion
Link:
https://app.any.run/tasks/348086e4-0179-4625-b4b0-13776c99cbc8

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69303a3b264b106bd6466c8a
Tags:
autorun xmrig
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
adaptive-context anti-debug crypto fingerprint microsoft_visual_cc signed
Link:
https://www.filescan.io/uploads/69303abfddcd694c78ba7a9f/reports/8e44f1a1-fbaa-493a-a5d3-bc6d9f78a4ff/overview
Verdict:
Malicious
Labled as:
Trojan.Win64.Genus
Link:
https://www.hybrid-analysis.com/sample/ee18d3656bac82951e19916f74a90ae41e4f9d34c53674dcb8a7fb85a5641d0b
Result
Gathering data
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-12-02T17:20:00Z UTC
Last seen:
2025-12-03T09:57:00Z UTC
Hits:
~1000
Detections:
Trojan-PSW.Win64.Stealer.sb Trojan-PSW.Win64.Stealer.apjy
Link:
https://opentip.kaspersky.com/ee18d3656bac82951e19916f74a90ae41e4f9d34c53674dcb8a7fb85a5641d0b/results?tab=lookup
Result
Threat name:
n/a
Detection:
suspicious
Classification:
evad
Score:
24 / 100
Link:
https://www.joesandbox.com/analysis/1825397
Signature
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Score:
0%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/ee18d3656bac82951e19916f74a90ae41e4f9d34c53674dcb8a7fb85a5641d0b
Gathering data
Verdict:
Malicious
Threat:
Trojan-PSW.Win64.Stealer
Link:
https://tip.neiki.dev/file/ee18d3656bac82951e19916f74a90ae41e4f9d34c53674dcb8a7fb85a5641d0b
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-12-03 02:58:43 UTC
File Type:
PE+ (Exe)
Extracted files:
13
AV detection:
2 of 36 (5.56%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5ymngzllvsbjkhqzsfxxjkik4qpe7hjuyu3hjxfyu75yljledufq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/251203-qqbfaack5w/
Behaviour
Checks processor information in registry
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ee18d3656bac82951e19916f74a90ae41e4f9d34c53674dcb8a7fb85a5641d0b

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3724191/

Comments