MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ad6094872144c24ef1ca5c222c747b52e7046713ea79a588e1bcab07a1dd0f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Pony

Vendor detections: 4

SHA256 hash: 7ad6094872144c24ef1ca5c222c747b52e7046713ea79a588e1bcab07a1dd0f0
SHA3-384 hash: ae0e020e08e19ef9cfde24457da009cee0a658e643b1ec427c1629e57b9db5c862d1c4fa901df2fc5780fe6d9573ba15
SHA1 hash: 4f5e96c12cf5ca650e7db1a1e759a845771b4815
MD5 hash: 031517f8d36a5edd507cb7c22ffff7ea
humanhash: twenty-march-delta-oscar
File name: SHIPPING DOCUMENT_PDF.gz
Signature: Pony
File size: 681'683 bytes
First seen: 2020-08-05 08:31:12 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:dvmWnZkxi6khvsXmf9cICjF2H0WCVmmcZG6eYaI9DIZmQ0GyzNG/Hw+odLL8j:dFZkxeh0mfuVAH6VJcZRwYjGv/HxoCj
TLSH: 76E42349DF41767F262C98688DB68026088DE30E1FCE0D72C97AEB5D3166D118FDA735
Reporter: abuse_ch
Tags: gz Pony

abuse_ch
Malspam distributing Pony:

HELO: mail.ptjlg.co.id
Sending IP: 103.253.68.52
From: MAERSK LINE <jkkang@ptjlg.co.id>
Subject: TOP URGENT : Outstanding Import Invoice // Need urgently settle by August 5th, 2020 // CNEE // BL AAGS030552
Attachment: SHIPPING DOCUMENT_PDF.gz (contains "SHIPPING DOCUMENT_PDF.exe")

Pony C2:
http://smkrantimula.sch.id/ol/panelnew/gate.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 731
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-08-05 08:33:05 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  Pony
    gz 7ad6094872144c24ef1ca5c222c747b52e7046713ea79a588e1bcab07a1dd0f0 (this sample)
      Dropping: Pony

Delivery method: Distributed via e-mail attachment