MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55ac0ec0189ebe42b1b37cad8c6fa65d3272c0c356f8f9854d4a72ea28ab3f2c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Stealit


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55ac0ec0189ebe42b1b37cad8c6fa65d3272c0c356f8f9854d4a72ea28ab3f2c
SHA3-384 hash: 68a2e4c2cfc974090feaba62ab1c1003b9d4deaca81b55059dc6bf5eac9d3959fd6ec41cf4c70ab8a8b7e5ff3da8da13
SHA1 hash: 0589ce63c6f2df04c059088e91d1149967dfee0c
MD5 hash: d4fbe7c128cb88f53279c1a615b497c6
humanhash: fourteen-snake-monkey-avocado
File name:Sonic-Glyder.zip
Download: download sample
Signature Stealit
Create hunting rule
File size:77'873'443 bytes
First seen:2024-04-21 15:02:40 UTC
Last seen:Never
File type: zip
MIME type:application/zip
Note:This file is a password protected archive. The password is: beta
ssdeep 1572864:MYbLMnMyUPFdm7FuDLOyfBsOjJjG41xYBz76LJAfq+NM6SKM+K:tJ7FdmET/lG4TOyLifq+KK/K
TLSH T13308330B649EEC58957785A8CC1DE4DCF3A40042D0F5A788E4A4BD3C8027D5EBA6BF67
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter NDA0E
Tags:electron pw-beta SonicGlyder sonicglyder.com Stealit zip


Avatar
NDA0E
Distributed via: sonicglyder.com > https://cdn.discordapp.com/attachments/1231360292168929434/1231360436591399053/Sonic-Glyder.zip?ex=6636acc5&is=662437c5&hm=bb5b093b1f9c33519805e74620bf8f6b38207c15e80c7184b5225e0aab3b0c95&

C2: illitluckygirl.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
NL NL
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Sonic-Glyder.exe
File size:77'943'888 bytes
SHA256 hash: 2f72367bd43d9c3405c880334c577d8a282cd2a5018bc76c67783a326eb754aa
MD5 hash: 78d5f4b4b68da593d9264f58ce577fbf
MIME type:application/x-dosexec
Signature Stealit
Vendor Threat Intelligence
Gathering data
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/55ac0ec0189ebe42b1b37cad8c6fa65d3272c0c356f8f9854d4a72ea28ab3f2c
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/55ac0ec0189ebe42b1b37cad8c6fa65d3272c0c356f8f9854d4a72ea28ab3f2c
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kwwa5qayt27efmntpswyy35gluzhfqgdk34ptbknjjzoukflh4wa._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/240421-wlej2agd82/
Behaviour
Suspicious use of WriteProcessMemory
Detects videocard installed
Enumerates processes with tasklist
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Enumerates physical storage devices
An obfuscated cmd.exe command-line is typically used to evade detection.
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Stealit

zip 55ac0ec0189ebe42b1b37cad8c6fa65d3272c0c356f8f9854d4a72ea28ab3f2c

(this sample)

Executable exe 7ab82c1ffa37f1538594cc5ad56f6dd047baf2c30bfcce614f1ad28b56196d35

  
Dropping
SHA256 7ab82c1ffa37f1538594cc5ad56f6dd047baf2c30bfcce614f1ad28b56196d35
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2820831/

Comments