MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 868938755dbacc4480a5395f12ae9c8467d735cd06bc69b608c84ea5becd40cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GlassWorm

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	868938755dbacc4480a5395f12ae9c8467d735cd06bc69b608c84ea5becd40cf
SHA3-384 hash:	1bb6340532b9b616f9367c08e21f19405224f1e554941bed577b145b9fe7a1fb1cdd1cb071b2a96301ac7adfb9092548
SHA1 hash:	cdb87c48a3d8b341e3b2332bdb8cc45ab251a637
MD5 hash:	dd4d248a32a1047730c84cb0a674ebb7
humanhash:	crazy-uniform-crazy-sweet
File name:	wave3_npm_archive_20260316.zip
Download:	download sample
Signature	GlassWorm Create hunting rule
File size:	7'954'268 bytes
First seen:	2026-03-16 12:16:33 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	196608:IUbi41VHeQX+uLFGVMGZoeo3jqbLzpUje6yML7lqb:uISuxOKeEq+j5O
TLSH	T1498633CFFC64D4BBC6F82E9091A55CE932941A8BB7680FE4BF2164753CABC201759760
Magika	zip
Reporter	tipo_deincognito
Tags:	glassworm infostealer native-addon npm-supply-chain Wave3 zip

tipo_deincognito

GlassWorm Wave 3 npm native addon archive. 7 encrypted .node files including injection and exfil tooling. Downloaded by payload from 217.69.3.51/get_arhive_npm/.

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 7 file(s), sorted by their relevance:

File name:	f_ex86.node
File size:	1'815'568 bytes
SHA256 hash:	9c7f93b925c86b911f4488c10709407b2c1f0695ec120cb998a9fd34d22c503a
MD5 hash:	5a14afbe4c537dc4206d57bfd0ee3f32
MIME type:	application/octet-stream
Signature	GlassWorm

File name:	index_x64.node
File size:	175'632 bytes
SHA256 hash:	baa6d18542a5bbcfa6beec942660cf8e7988e14a727d775a5c90313ec7392a96
MD5 hash:	7f3d180c4a6965c376bd7653ef0861a0
MIME type:	application/octet-stream
Signature	GlassWorm

File name:	m
File size:	2'859'728 bytes
SHA256 hash:	e2a8ecd85261dc9b3d2a0d435721f7b8fe3c3bcd846567afeaca77fcf9de2e9e
MD5 hash:	a249230cbefe34ff9678599833f6b54c
MIME type:	application/octet-stream
Signature	GlassWorm

File name:	w.node
File size:	1'488'912 bytes
SHA256 hash:	78ecfb7753499b69fe85c348377c2e522b275c34c1edd172f9b543da18438e4e
MD5 hash:	2634aa42044cf1600242bf84b7b22996
MIME type:	application/octet-stream
Signature	GlassWorm

File name:	c_x64.node
File size:	1'417'744 bytes
SHA256 hash:	bce8c1023af5d8839e4e6e164f143472ae996dacfe2c7005a9a6afef2c8b8ff3
MD5 hash:	b705d1e9da749a10adb477d256ad2c6b
MIME type:	application/octet-stream
Signature	GlassWorm

File name:	index_ia32.node
File size:	153'104 bytes
SHA256 hash:	d29feab76ea82367dcce29ba6010f5d0e5db71b298a31cd847f5ad6013728f3a
MD5 hash:	0048c736d90ef1b730cdbb204e1a37de
MIME type:	application/octet-stream
Signature	GlassWorm

File name:	data
File size:	40'464 bytes
SHA256 hash:	626958cf09ed98577efd462d0f1b79680bbbc32c1783c9322687369ac6392312
MD5 hash:	2eb169cbd0bfd95469c005f1764ee2a9
MIME type:	application/octet-stream
Signature	GlassWorm

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/025bdfc8-5816-402e-a00e-890ff9d24fab/

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69b7f4d188c80c01586ac034

Tags:

n/a

Result

Verdict:

Unknown

File Type:

ZIP File

Link:

https://app.docguard.net/868938755dbacc4480a5395f12ae9c8467d735cd06bc69b608c84ea5becd40cf/results/dashboard

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/868938755dbacc4480a5395f12ae9c8467d735cd06bc69b608c84ea5becd40cf

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/868938755dbacc4480a5395f12ae9c8467d735cd06bc69b608c84ea5becd40cf

Verdict:

Unknown

File Type:

zip

Link:

https://opentip.kaspersky.com/868938755dbacc4480a5395f12ae9c8467d735cd06bc69b608c84ea5becd40cf/results?tab=lookup

Verdict:

inconclusive

YARA:

2 match(es)

Tags:

Zip Archive

Link:

https://app.malva.re/file/dd4d248a32a1047730c84cb0a674ebb7

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/868938755dbacc4480a5395f12ae9c8467d735cd06bc69b608c84ea5becd40cf/

Threat name:

Binary.Trojan.Generic

Status:

Suspicious

First seen:

2026-03-16 12:17:27 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

3 of 24 (12.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=q2etq5k5xlgejaffhfprflu4qrt5onona26gtnqizbhklpwnidhq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/260316-rvd8eabx4j/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/868938755dbacc4480a5395f12ae9c8467d735cd06bc69b608c84ea5becd40cf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GlassWorm

zip 868938755dbacc4480a5395f12ae9c8467d735cd06bc69b608c84ea5becd40cf

(this sample)

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample