MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16692ab38663ca618f3c522177c8732abe93fe4377b498940579d829eee65027. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 16692ab38663ca618f3c522177c8732abe93fe4377b498940579d829eee65027
SHA3-384 hash: dd8df4b2fb4cd8472f117517c90abb73a150f441019b1e395443df5e6c70bd47495f00c986a57086837acad7af8284f0
SHA1 hash: 9b24445da82bea5e1593a2216faab6f4f6d5fee5
MD5 hash: 57f2ba065b0ce36fae72e7851cf41710
humanhash: oscar-chicken-hotel-west
File name:Chamunda Pharma PO A129673 _pdf.zip
Download: download sample
Signature Pony
Create hunting rule
File size:487'515 bytes
First seen:2020-06-12 06:48:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:BaM+GJAt1ujWURiJbwTOUtF8Mqlg8lCAS27Oec4s:7+2AXuaIF8zg8lCAPtcj
TLSH 36A4239295C062AAF45481AD27A9DC05766B207F385AE31B9F0F2E9C1E207F1D713CBC
Reporter abuse_ch
Tags:Pony zip


Avatar
abuse_ch
Malspam distributing Pony:

HELO: hu.hubtimeap.live
Sending IP: 45.95.171.242
From: Charmunda Pharma Mchinery LTD <albright5@hotmail.com>
Subject: Re: Urgent PO for June A129673 Chamunda Pharma Machinery,LTD.
Attachment: Chamunda Pharma PO A129673 _pdf.zip (contains "QWA.exe")

Pony C2:
http://shinhan-vina.com.vn/hd/panelnew/gate.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
458
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

PUA.Win.Adware.Webalta-6854075-0
Create hunting rule

PUA.Win.Adware.Webalta-6862190-0
Create hunting rule

SecuriteInfo.com.Variant.Strictor.245818.10883.3329.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 06:50:11 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=czusvm4gmpfgddz4kiqxpsdtfk7jh7sdo62jrfafphmct3xgkatq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

zip 16692ab38663ca618f3c522177c8732abe93fe4377b498940579d829eee65027

(this sample)

Pony

Executable exe f711673ec31f884e59192cc360b841efc1c77b0d0b41787bea5424ae520f9989

  
Dropping
MD5 bd1c429c2ea9b2c200470e0859761692
  
Dropping
Pony
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f711673ec31f884e59192cc360b841efc1c77b0d0b41787bea5424ae520f9989

Comments