MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cb751b77521c3ed5b38e59cc9e9444cb7eff428e1d94c10b800a6982ac1abda. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7cb751b77521c3ed5b38e59cc9e9444cb7eff428e1d94c10b800a6982ac1abda
SHA3-384 hash: 9487a67374d3e0dc21b7362b5d28ebacfbd39891ce404ac2d2023ad181c944624cd4cd5afe26e3573f68f16eb2465c8a
SHA1 hash: 5ffe084c5f679f50b7c5cb872dcf7c2c1af3fe04
MD5 hash: a4588f57322665c795bdf720abc23ffc
humanhash: grey-delta-timing-burger
File name:7cb751b77521c3ed5b38e59cc9e9444cb7eff428e1d94c10b800a6982ac1abda
Download: download sample
Signature Pony
Create hunting rule
File size:189'771 bytes
First seen:2020-11-11 11:42:52 UTC
Last seen:2020-11-11 13:51:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2727f1bbd099fb2b359b7df625ad4dd0 (8 x Pony)
ssdeep 3072:3z8c5VEFom+c6EXCIi3JhVpojmDcLEX5eU5QQlVrI9l4DbHSrwHlm/2z4:dcoRXEXCIQojmD7XwPo2aDbHqoFz4
Threatray 134 similar samples on MalwareBazaar
TLSH EA045B3AF1529037DB0894F414C91ACA0E44CF786A528797BE5EBA7D6CE101DAC47EF2
Reporter seifreed
Tags:Pony

Intelligence

File Origin
# of uploads :
2
# of downloads :
421
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.13607.8478.21372.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Reading critical registry keys
DNS request
Sending an HTTP POST request
Sending an HTTP GET request
Creating a file in the %temp% directory
Running batch commands
Creating a process with a hidden window
Stealing user critical data
Brute forcing passwords of local accounts
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Fareit
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/531718
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Drops / launches Pony Loader self-deletion script - malware possibly based on Pony Loader leaked source code
Found C&C like URL pattern
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file registry)
Yara detected aPLib compressed binary
Yara detected Fareit stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7cb751b77521c3ed5b38e59cc9e9444cb7eff428e1d94c10b800a6982ac1abda/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 11:54:19 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ps3vdn3vehb62wzy4womt2kejs3675bi4hmuyefyactjqkwbvpna._file
Verdict:
malicious
Label(s):
pony
Create hunting rule
Similar samples:
25fe3949ffb0fb49cc27992f89558c45abdda778e775a58fde4647fb36dcafff
Pony
4188d06ab94a8883fd4864b3690168649de6f1ae86d8b2c6a2778f7f46a60e02
Pony
489f3a394942157dbc0ed01c09989288c1a87a2d7b80a6382a4338094b35d710
Pony
4bb2312117a9cca54bbb57f052f7a012d1971b1895fee03e35f6b657ac506bd1
Pony
81e4e55c3b927e248c48e3c5414509e7808755d74b3504b709fbdfecba19f613
Pony
9da2fc8e17dff51ad3de4ef9ff78d4196bd530a4aaa8e3c07e81e56df7a5c241
Pony
cb8b6228dc596af613b8a5fb2b0ac79326ec4265ca8f4f5dc796f9b8fa4d287e
Pony
d67bc999b9c89a4c2ccd9832b42accf936e6b4403d27226c8de973ec0987d945
Pony
d768486542d55538cb90b21c8563f395ed3d5148733e23a67bc5dba74b811233
Pony
e3d26ec0477d9578aaa7762c27514f91c1c9503935c9d1f48cf34698de2ac9cf
Pony
+ 124 additional samples on MalwareBazaar
Result
Malware family:
pony
Create hunting rule
Score:
  10/10
Tags:
family:pony discovery rat spyware stealer
Link:
https://tria.ge/reports/201111-8dgmbxffma/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Deletes itself
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Pony,Fareit
Unpacked files
SH256 hash:
7cb751b77521c3ed5b38e59cc9e9444cb7eff428e1d94c10b800a6982ac1abda
MD5 hash:
a4588f57322665c795bdf720abc23ffc
SHA1 hash:
5ffe084c5f679f50b7c5cb872dcf7c2c1af3fe04
Link:
https://www.unpac.me/results/9fa8d507-6bcb-43f2-9abe-79910f7075ac/
SH256 hash:
39bac135488ef75238eddfa68dc083df5d6ac3ad575795a3121f00337b164798
MD5 hash:
5ebf8ae5098e73935fe6796e82c9118e
SHA1 hash:
9f95257d8176dfb46797ae7b0ab1a264b3c7a9a4
Detections:
win_pony_auto
Create hunting rule
Link:
https://www.unpac.me/results/9fa8d507-6bcb-43f2-9abe-79910f7075ac/
Parent samples :
66b46a26acf7e77daa218e4dd587f11ae0f1bdfc699c9fe543fb3224568fbeec
7cb751b77521c3ed5b38e59cc9e9444cb7eff428e1d94c10b800a6982ac1abda
92c2328cddcc51230e0dfcfd2b819b6778d73328770a941aed80aab9542a465d
fd99712113fbc6ed5c88886da730806a765d96231fe27f5697b0bf5a75124b36
200ea893543df1ab909c78ed95c3f56b1693b283a6b210bc9d8f0694faab1168
074be99cbe3fff4403a53f8ed02772349f764146134c4ab349e1f982e6134cf2
1ea49ae9451ec1ad1e3411b2ad1fc525764d2ca956709239ff6784eae28b71dd
a78344b158a19e070c26e66c451d7eed2846f36048c8ddc365994c048a2859dd
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments