MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67d1a8ba1ef2b9c0587be869cb25f66a800a64be803b7ef9efdb33e850449ac1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 9


Intelligence 9 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 67d1a8ba1ef2b9c0587be869cb25f66a800a64be803b7ef9efdb33e850449ac1
SHA3-384 hash: a560ac95959afad625dcd04bd4378d5e6422790b7eaa74d8fedc7b3069bfbd00853fc424436c92c0cffbc45e3674290b
SHA1 hash: ea3b3e8d4eff47a56450ae661b70d0f0a4b6ae97
MD5 hash: 98afc4813ff30768d625ff05f95c7bdd
humanhash: delaware-spaghetti-juliet-nuts
File name:67D1A8BA1EF2B9C0587BE869CB25F66A800A64BE803B7.exe
Download: download sample
Signature Pony
Create hunting rule
File size:172'032 bytes
First seen:2021-05-29 12:10:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 31fb098a91e42fcc6c2d9fbaaee670c0 (1 x Pony)
ssdeep 3072:vVHZaPoA4/zv0VBQMIMn6BtqXRb+QlyvOzGubCFeASjVwghgV:vWPAvYCMIMn0tF6SF/
Threatray 2'903 similar samples on MalwareBazaar
TLSH DBF3E110BC89B538DD7E8AFC0A1D97987C726136CB72896A0714DB3A2236710BF8F575
Reporter abuse_ch
Tags:exe Pony


Avatar
abuse_ch
Pony C2:
http://zenithlime.usa.cc/ml/vrs/pptr/pny/1/panel/gate.php

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://zenithlime.usa.cc/ml/vrs/pptr/pny/1/panel/gate.php https://threatfox.abuse.ch/ioc/66777/

Intelligence

File Origin
# of uploads :
1
# of downloads :
725
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
67D1A8BA1EF2B9C0587BE869CB25F66A800A64BE803B7.exe
Verdict:
No threats detected
Analysis date:
2021-05-29 12:15:48 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a02c79a5-cadf-4aed-8da1-4337ea1cedb9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Pony
Create hunting rule
Link:
https://www.capesandbox.com/analysis/163173/
Detection(s):
Win.Trojan.VBPacked6-6043264-0
Create hunting rule

Win.Trojan.Fareit-7495412-0
Create hunting rule

Win.Trojan.Filerepmalware-9808972-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/794233
Signature
Antivirus / Scanner detection for submitted sample
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/67d1a8ba1ef2b9c0587be869cb25f66a800a64be803b7ef9efdb33e850449ac1/
Threat name:
Win32.Infostealer.PonyStealer
Create hunting rule
Status:
Malicious
First seen:
2017-02-10 03:37:03 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m7i2roq66k44awd35bu4wjpwnkaauzf6qa5x56pp3mz6qucetlaq._file
Verdict:
malicious
Label(s):
pony
Create hunting rule
Similar samples:
15aa1919120cf819c2c0386a0a6b8b71059fa669491016b06df0998a27eb32ff
Pony
59c17773776261d45122a0d067088654268ca71b329a6e9495105c500c12c8c1
Pony
5a8239ffd5e37023816296c83bf64261d7461cc373669a881a1b2284d767d1ed
Pony
68629701b12d1300254ce04807b894fd8195bd36ce6b6ceebe5beba5d60cf5d3
Pony
88c63762f85d92709ec567c3a3de9363589c4dd8777e469e5722851c5d3ed5a3
Pony
93e31993de213880948286b0b8d7246d5870a234307d94e799170357074a4e83
Pony
948b5d4daa9864aae1297b9481a1bcee316f723af481e983dbff09fcd8a24563
Pony
9e7bc04d9b7a15b73175902e3c8cd0f245353bb88dfe0a68d122616255aed42f
Pony
b3aac3c1fed205d6c1e36f80475cdb4b243f6fb7b2d275f360867aa6dcec5fe8
Pony
e06424448f76d743640e518b0fec78a025fee0856f6afa507e077e5dcc118e3c
Pony
+ 2'893 additional samples on MalwareBazaar
Result
Malware family:
pony
Create hunting rule
Score:
  10/10
Tags:
family:pony discovery rat spyware stealer
Link:
https://tria.ge/reports/210529-7p2yr64mzn/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks installed software on the system
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Pony,Fareit
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/67d1a8ba1ef2b9c0587be869cb25f66a800a64be803b7ef9efdb33e850449ac1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/163173/

Comments