MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0903bba53f8ce5ed30f38f7af82f1eeba97a00b57ca386c2d8e4549bca2896d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Pony
Vendor detections: 3

SHA256 hash: 0903bba53f8ce5ed30f38f7af82f1eeba97a00b57ca386c2d8e4549bca2896d1
SHA3-384 hash: 886df6f649c7d6eeb425d665a72147e7220d580c9335b325a7c136c92b9f93ba3ef4654a95e5b84f45932c28ac05bca2
SHA1 hash: 5a13678b655bb759648dbc1d82fd805f26b4f531
MD5 hash: 64e66effac6b5a00a6d71f09a65c7f22
humanhash: pip-berlin-yellow-green
File name: PI_INV9376454875485744.PDF.ARJ
Signature: Pony
File size: 171'112 bytes
First seen: 2020-06-03 08:55:42 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 3072:7UbuSYHztMjQLklO9poBOxKCDV8f7n8h5gmbV2Ysb50ULLyFC/3A:7UbPYzWjQHeDn4gVn5rOFC/Q
TLSH: 85F323A625D919BB311C0A1407FC1BFB4EF1DBEC9814AEF252447EA6BC95C881B11EF1
Reporter: abuse_ch
Tags: arj, Pony


abuse_ch
Malspam distributing Pony:

HELO: hawier.com
Sending IP: 78.129.252.18
From: Lisa <bag@hawier.com>
Subject: 2 Orders Invoice Here In Our Alternative Email Attachment
Attachment: PI_INV9376454875485744.PDF.ARJ (contains "PI_INV9376454875485744.PDF.exe")

Pony C2:
http://94.102.54.77/store/gate.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 437
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-06-03 19:18:00 UTC
AV detection: 15 of 31 (48.39%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Pony
arj 0903bba53f8ce5ed30f38f7af82f1eeba97a00b57ca386c2d8e4549bca2896d1 (this sample)
Dropping: Pony
Delivery method: Distributed via e-mail attachment

Comments