MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a8239ffd5e37023816296c83bf64261d7461cc373669a881a1b2284d767d1ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5a8239ffd5e37023816296c83bf64261d7461cc373669a881a1b2284d767d1ed
SHA3-384 hash: 5fe4377013a84ef32f6b1d59ccc824fd5f87fcf11a2306a1ed6c2fd43481d7c4a6f6fd43eca7dceb3ce48081d111cab9
SHA1 hash: c9f67283045de2b7070760740c97a61fb56990d7
MD5 hash: 6cc81433290efe5d501d9c76bdbfa2e7
humanhash: lithium-georgia-floor-comet
File name:5a8239ffd5e37023816296c83bf64261d7461cc373669a881a1b2284d767d1ed
Download: download sample
Signature Pony
Create hunting rule
File size:139'776 bytes
First seen:2020-11-10 10:53:29 UTC
Last seen:2024-07-24 14:44:45 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash be19e18d6a8b41631d40059031a928bb (28 x Pony, 3 x Loki, 3 x NetWire)
ssdeep 3072:VoTv/p/6pTho4yEPhXzpqq/c+tPtdHVWcs:+Tn4o4yKzb/ztV
Threatray 128 similar samples on MalwareBazaar
TLSH D3D3126920CC0468D44ED83158E69EE2F36FADC0882D597B1FE2FF277A75A0B1472935
Reporter seifreed
Tags:Pony

Intelligence

File Origin
# of uploads :
2
# of downloads :
381
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Fareit-9790210-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Unauthorized injection to a recently created process
Reading critical registry keys
DNS request
Creating a file in the %temp% directory
Running batch commands
Creating a process with a hidden window
Stealing user critical data
Enabling autorun by creating a file
Sending an HTTP GET request to an infection source
Brute forcing passwords of local accounts
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5a8239ffd5e37023816296c83bf64261d7461cc373669a881a1b2284d767d1ed/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 10:55:51 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lkbdt76v4nychalcs3edx5scmhlumhgdontjvca2dmrijv3h2hwq._file
Verdict:
malicious
Label(s):
pony
Create hunting rule
Similar samples:
2dba22bb151cb9c5e35304b1a6215374d6857898d217b721f9b5a6e8d973576d
Pony
59c17773776261d45122a0d067088654268ca71b329a6e9495105c500c12c8c1
Pony
5dbfd22543849bd392e080c351227f31137993f23ee7ac5a3184322e43d73745
Pony
754b203cb7ca6224a217e4187151adb437574b95fe15fd1bb7ab887cffad8bce
Pony
9026e9b714998846a26087ed7f5a276b1399204a1e34d469571a7301ce720931
Pony
92dd50589b21721bb8b73217b21be6a6c51f6fca5cb19ebea9a0913cfaa7baa8
Pony
a8af98897cc2adfa6868c15ad536d7359f749ff3bb8cf9be11c7e45d437dc37f
Pony
a9ab46452a78667dfb767d2bf2507c607d818463c8a0b8d87cf3b79335247a3e
Pony
b3aac3c1fed205d6c1e36f80475cdb4b243f6fb7b2d275f360867aa6dcec5fe8
Pony
e06424448f76d743640e518b0fec78a025fee0856f6afa507e077e5dcc118e3c
Pony
+ 118 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201110-heh8cd6edj/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
5a8239ffd5e37023816296c83bf64261d7461cc373669a881a1b2284d767d1ed
MD5 hash:
6cc81433290efe5d501d9c76bdbfa2e7
SHA1 hash:
c9f67283045de2b7070760740c97a61fb56990d7
Link:
https://www.unpac.me/results/89b564d6-fd79-4619-89d7-353ca82d092d/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments