MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68629701b12d1300254ce04807b894fd8195bd36ce6b6ceebe5beba5d60cf5d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 68629701b12d1300254ce04807b894fd8195bd36ce6b6ceebe5beba5d60cf5d3
SHA3-384 hash: e4f146eab287a6f976be7171b7daa2e1fb268ff2d696e1030a6d1ddbe9a0db4af525a292d1eb59a6d63e5efca91f5ae6
SHA1 hash: 7a28b40270b5722de41a0123da7e26f171da5f5c
MD5 hash: b58c2b723bad091caf084ac06049b8ad
humanhash: beer-blossom-red-grey
File name:68629701b12d1300254ce04807b894fd8195bd36ce6b6ceebe5beba5d60cf5d3
Download: download sample
Signature Pony
Create hunting rule
File size:139'776 bytes
First seen:2020-11-11 11:03:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash be19e18d6a8b41631d40059031a928bb (28 x Pony, 3 x Loki, 3 x NetWire)
ssdeep 3072:MoTv/p/6pTho4yEPhXzpqq/c+tPtdHVWcr:BTn4o4yKzb/ztV
Threatray 408 similar samples on MalwareBazaar
TLSH 06D3226920CC046CD54ED83158E69EE2F36FADC0882D197B1FE2FF277A76A0A1471935
Reporter seifreed
Tags:Pony

Intelligence

File Origin
# of uploads :
1
# of downloads :
375
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-4
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Unauthorized injection to a recently created process
Reading critical registry keys
DNS request
Creating a file in the %temp% directory
Running batch commands
Creating a process with a hidden window
Stealing user critical data
Enabling autorun by creating a file
Sending an HTTP GET request to an infection source
Brute forcing passwords of local accounts
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/68629701b12d1300254ce04807b894fd8195bd36ce6b6ceebe5beba5d60cf5d3/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 11:05:23 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nbrjoanrfujqajkm4beapoeu7wazlpjwzzvwz3v6lpv2lvqm6xjq._file
Verdict:
malicious
Label(s):
pony
Create hunting rule
Similar samples:
15009bbe320d77a38e4341a5e160baec142a96f86c730a33dae9a1487399c78c
Pony
2dba22bb151cb9c5e35304b1a6215374d6857898d217b721f9b5a6e8d973576d
Pony
59c17773776261d45122a0d067088654268ca71b329a6e9495105c500c12c8c1
Pony
5a8239ffd5e37023816296c83bf64261d7461cc373669a881a1b2284d767d1ed
Pony
5dbfd22543849bd392e080c351227f31137993f23ee7ac5a3184322e43d73745
Pony
754b203cb7ca6224a217e4187151adb437574b95fe15fd1bb7ab887cffad8bce
Pony
92dd50589b21721bb8b73217b21be6a6c51f6fca5cb19ebea9a0913cfaa7baa8
Pony
a9ab46452a78667dfb767d2bf2507c607d818463c8a0b8d87cf3b79335247a3e
Pony
b3aac3c1fed205d6c1e36f80475cdb4b243f6fb7b2d275f360867aa6dcec5fe8
Pony
e06424448f76d743640e518b0fec78a025fee0856f6afa507e077e5dcc118e3c
Pony
+ 398 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201111-meznpwgflx/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
68629701b12d1300254ce04807b894fd8195bd36ce6b6ceebe5beba5d60cf5d3
MD5 hash:
b58c2b723bad091caf084ac06049b8ad
SHA1 hash:
7a28b40270b5722de41a0123da7e26f171da5f5c
Link:
https://www.unpac.me/results/114f4e7c-c4c1-4e5d-b0df-c9336b24876d/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments