MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59c17773776261d45122a0d067088654268ca71b329a6e9495105c500c12c8c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Pony


Vendor detections: 6



SHA256 hash: 59c17773776261d45122a0d067088654268ca71b329a6e9495105c500c12c8c1
SHA3-384 hash: 64ffa2cf72c8a47f466f8c6390532448f267c6190e75db0168180125be493629d3a71d81b20c193ad6935ddf40bff132
SHA1 hash: 0518eed749b347c6b4439c7cb8ad8e3d3dadbafa
MD5 hash: bb832894b2030f66e09239d4f52933c4
humanhash: eighteen-sad-fillet-north
File name: 59c17773776261d45122a0d067088654268ca71b329a6e9495105c500c12c8c1
Signature: Pony
File size: 139'776 bytes
First seen: 2020-11-10 10:53:39 UTC
Last seen: 2024-07-24 14:42:22 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: be19e18d6a8b41631d40059031a928bb (28 x Pony, 3 x Loki, 3 x NetWire)
ssdeep: 3072:hoTv/p/6pTho4yEPhXzpqq/c+tPtdHVWcO:iTn4o4yKzb/ztV
Threatray: 128 similar samples on MalwareBazaar
TLSH: ADD3126920CC0468D54ED83158E69EE2F37F6DC0882D197B1FE2FF277A75A0A1471935
Reporter: seifreed
Tags: Pony

Intelligence


File Origin
# of uploads: 2
# of downloads: 379
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Unauthorized injection to a recently created process
Reading critical registry keys
DNS request
Creating a file in the %temp% directory
Running batch commands
Creating a process with a hidden window
Stealing user critical data
Enabling autorun by creating a file
Sending an HTTP GET request to an infection source
Brute forcing passwords of local accounts
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-11-10 10:55:57 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SHA256 hash: 59c17773776261d45122a0d067088654268ca71b329a6e9495105c500c12c8c1
MD5 hash: bb832894b2030f66e09239d4f52933c4
SHA1 hash: 0518eed749b347c6b4439c7cb8ad8e3d3dadbafa
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments