MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eaf1f655f2e2a22a288a74af7698bc09a5613745687b44e69bd98ed94631827a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: eaf1f655f2e2a22a288a74af7698bc09a5613745687b44e69bd98ed94631827a
SHA3-384 hash: 892a04e667b4f8fd8d11ee2ac96fb42dbead26408e100367e851f1cd3a1a4461ce5f4ac66a752cefd2c4a0a3dd030fdd
SHA1 hash: 59b6ce673b5f1d7d1e254a1ddafb224f917488ce
MD5 hash: 0ad8cbab6fb7dcc7e35741b4ee122611
humanhash: cardinal-carpet-april-nevada
File name: Zayavka konec proshlogo mesyaca.001
Signature: n/a
File size: 65'123 bytes
First seen: 2020-07-31 11:26:31 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 1536:pEKpN61DjgOFBmzJM+kL4mPbMLoXvUXDk6/oOTwTZ3O:jT61Ix61L3ICKkMoOSBO
TLSH: BD5302695053D368EE25303954F7883B7C650ED1BD36DB022A5A37800A6BBF59EF7888
Reporter: @abuse_ch
Tags: 001 geo Pony RUS


Twitter (@abuse_ch):

Malspam distributing Pony:

HELO: 1b.it-net.su
Sending IP: 176.107.248.116
From: Александра Зайцева <n.glazkova@1b.it-net.su>
Reply-To: Александра Зайцева <tarasovaek68@rambler.ru>
Subject: Возврат за этот месяц (Russian: "Refund for this month")
Attachment: Zayavka konec proshlogo mesyaca.001 (contains "Zayavka konec proshlogo mesyaca.exe")

Pony C2:
http://45.61.138.109/p/z05857687.php

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 36
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-31 11:28:06 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Threat name: Kryptik
Score: 1.00

File information

The table below shows additional information about this malware sample, such as its delivery method and external references.

Delivery: Malspam
Sample: rar eaf1f655f2e2a22a288a74af7698bc09a5613745687b44e69bd98ed94631827a (this sample)
Dropping: Pony
Delivery method: Distributed via e-mail attachment
