MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f12bec8db3eafacfbdb137ad105da540dc3f33d82e58db54f0b87623d0935d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6f12bec8db3eafacfbdb137ad105da540dc3f33d82e58db54f0b87623d0935d4
SHA3-384 hash: e91f76e018ca0471c052abeaa4672688b85b4fbcbf51ab1650e93db767fe2a78bc90d4c363350c786ab5f7668f9a1de3
SHA1 hash: 858329090fdcd77b0b3091d8f5fbde54ceece506
MD5 hash: 3fe593734899896c94cf67b46e032726
humanhash: victor-beer-hotel-lactose
File name:Scan Purchase Order _pdf.zip
Download: download sample
Signature Pony
Create hunting rule
File size:486'991 bytes
First seen:2020-06-12 06:34:16 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:alSErl+jYrwnpCYpUtMUg5YORLJOCrCRbCRtS:alS4lpwpmMUgHjbsbCRtS
TLSH 98A423F3654930176C90D8DA897EC97BAB61398DB93B841137EA838E155FF002B77329
Reporter abuse_ch
Tags:Pony zip


Avatar
abuse_ch
Malspam distributing Pony:

HELO: tr.trendapihub.live
Sending IP: 45.95.171.247
From: RASTI LARI GENERAL TRADING CO, LLC <Isaac@preformed.com>
Subject: June Order PO AE76853 / RASTI LARI GENERAL TRADING CO. L.L.C
Attachment: Scan Purchase Order _pdf.zip (contains "POL.exe")

Pony C2:
http://shinhan-vina.com.vn/hd/panelnew/gate.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
456
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

PUA.Win.Adware.Webalta-6854075-0
Create hunting rule

PUA.Win.Adware.Webalta-6862190-0
Create hunting rule

SecuriteInfo.com.Variant.Strictor.245818.10883.3329.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 06:36:06 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=n4jl5sg3h2x2z663cn5ncbo2kqg4h4z5qlsy3nkpbodwepijgxka._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

zip 6f12bec8db3eafacfbdb137ad105da540dc3f33d82e58db54f0b87623d0935d4

(this sample)

Pony

Executable exe fe966a744b83daaecb2b4b01adc7204e42d3f98955e142e78d7a948709185d27

  
Dropping
MD5 68a170452e42bcc18b6e91812a08cfc9
  
Dropping
Pony
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fe966a744b83daaecb2b4b01adc7204e42d3f98955e142e78d7a948709185d27

Comments