MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85c7321923f2440c7431eb96ba0b3c83883bd52fabeb293030cb7905858cc83f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Pony

Vendor detections: 6

SHA256 hash: 85c7321923f2440c7431eb96ba0b3c83883bd52fabeb293030cb7905858cc83f
SHA3-384 hash: ebeae31af3698f9298dd4a7ffc108a70c3cc70f5487c7b395e3a9f0a9b689ab4198342455880aaad164a324a5eb948b6
SHA1 hash: 5519fe981e2a8ac2c5d69f9c1ffc264503c2838f
MD5 hash: 2ace3e0b49fb96c28b6be77d452ad2f8
humanhash: virginia-early-bacon-lima
File name: IMG_Drawings_Specifications_Me33IQbrI5gPmyb..z
Signature: Pony
File size: 402'034 bytes
First seen: 2022-04-21 07:17:05 UTC
Last seen: 2022-04-21 07:19:54 UTC
File type: z
MIME type: application/x-rar
ssdeep: 6144:fcXgq1fdUh/yVCPUUsEBCLmxm8AG0gpnBlRB6xiUwoPQa9tC4v23HeStSq+Q:yMGpU1BwCm9G3pJsxiUfP9tC42HeS0e
TLSH: T18F842346BD27CF42F56A922BD0897991343AC94943BDD892B98F3831E3E35735A583CC
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: cocaman
Tags: Downloader.Pony Pony z


cocaman
Malicious email (T1566.001)
From: ""Hetal Safi" <sales@windmailz.store>" (likely spoofed)
Received: "from sendmailz.online (sendmailz.online [192.236.155.62]) "
Date: "Wed, 20 Apr 2022 03:06:50 -0700"
Subject: "Drawings"
Attachment: "IMG_Drawings_Specifications_Me33IQbrI5gPmyb..z"

Intelligence

File Origin
# of uploads: 3
# of downloads: 419
Origin country: n/a

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: obfuscated packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2022-04-20 22:11:33 UTC
File Type: Binary (Archive)
Extracted files: 14
AV detection: 19 of 26 (73.08%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Pony
Sample: z 85c7321923f2440c7431eb96ba0b3c83883bd52fabeb293030cb7905858cc83f (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: Downloader.Pony