MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7eadc93ddbf6b0dad43ade56b9e95ec1c34a74755fd2df28389e7ba15350200. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Pony
Vendor detections: 4

SHA256 hash: b7eadc93ddbf6b0dad43ade56b9e95ec1c34a74755fd2df28389e7ba15350200
SHA3-384 hash: faefddee5e61fa1caf79e080383926987995c08427c769482f233c9e988cc5e857e643cb10106a998e879f19f667c241
SHA1 hash: 27330eb467e9c4af1343e3f9b7c5a257ff28dff6
MD5 hash: bdd254f670353441077d3c1311232d83
humanhash: black-colorado-salami-lake
File name: Invoice AWB00015564.gz
Signature: Pony
File size: 385'076 bytes
First seen: 2020-10-28 07:42:58 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:JFryHAuB/XqqnyulnNE1oNA3sD74YLJdYhgRlxxCg00HGfpo3ma5mN3sfml+C:JFryguB/XryiE1WD74iJKWPCg00mBo3O
TLSH: 6E8423DAA203D9FC0D3F8AD54F7CB9BA6F2A9132A743942E8FE9395A54CC068551401E
Reporter: abuse_ch
Tags: DHL gz Pony


abuse_ch
Malspam distributing Pony:

HELO: server.tuguhotels.com
Sending IP: 103.219.251.235
From: DHL EXPRESS <saigonsan@tuguhotels.com>
Reply-To: DHL EXPRESS <customerservices@dhl.com>
Subject: RE: Outstanding Invoice AWB00015564 with the Requested Paperwork
Attachment: Invoice AWB00015564.gz (contains "Invoice AWB00015564.exe")

Pony C2:
http://infishop.mindztechnology.com/aa/panelnew/gate.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 725
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-10-28 04:25:46 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Pony
  gz b7eadc93ddbf6b0dad43ade56b9e95ec1c34a74755fd2df28389e7ba15350200 (this sample)
Dropping: Pony
Delivery method: Distributed via e-mail attachment

Comments