MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 038d193463fc5a9d70c3a58def893bfa586331bf93fbca411b26fd034d1f7ffb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Pony

Vendor detections: 7

Intelligence 7 IOCs 1 YARA File information Comments

SHA256 hash:	038d193463fc5a9d70c3a58def893bfa586331bf93fbca411b26fd034d1f7ffb
SHA3-384 hash:	bde3ac64154111d0570a8a2861d52957da17db501279d2fe967e59104eee1e1ab574bcebb85b3968979faeb99a3b6e2c
SHA1 hash:	44d8b76bd320d6dd43fccc2c8b4ea40dcc0f40c2
MD5 hash:	7ce775122242f916ce850a1682318374
humanhash:	xray-eighteen-green-beryllium
File name:	038D193463FC5A9D70C3A58DEF893BFA586331BF93FBC.exe
Download:	download sample
Signature	Pony Create hunting rule
File size:	215'939 bytes
First seen:	2022-05-01 00:01:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	46d56b44c2f42c46a90229f6b8a7313a (1 x Poison, 1 x Pony, 1 x Plugx)
ssdeep	6144:2zG8nriOnW/rGgGNUgaM7D9k//qjRPV8Nh:O1DYrE/N7Bk/s9ih
Threatray	474 similar samples on MalwareBazaar
TLSH	T16C24BF20B5808873D0100B7C9D0BD669D4397B212F7D71D337DE5FAD9EF628629292BA
TrID	46.5% (.EXE) InstallShield setup (43053/19/16) 15.3% (.EXE) Win32 Executable Delphi generic (14182/79/4) 14.1% (.SCR) Windows screen saver (13101/52/3) 7.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	b298acbab2ca7a72 (2'335 x GCleaner, 1'816 x Socks5Systemz, 67 x RedLineStealer)
Reporter	abuse_ch
Tags:	exe Pony

abuse_ch

Pony C2:
http://lllee.bl.ee/Panel/gate.php

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://lllee.bl.ee/Panel/gate.php	https://threatfox.abuse.ch/ioc/545399/

Intelligence

File Origin

# of uploads :

1

# of downloads :

1'250

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

038D193463FC5A9D70C3A58DEF893BFA586331BF93FBC.exe

Verdict:

No threats detected

Analysis date:

2022-05-01 00:02:24 UTC

Tags:

installer

Link:

https://app.any.run/tasks/4348e5e1-3feb-418f-a632-34c52d2cc883

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/268015/

Detection(s):

SecuriteInfo.com.PSW.Generic9.ALGX.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Delayed reading of the file

Creating a file in the %temp% subdirectories

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

fareit fingerprint greyware overlay packed pony shell32.dll wacatac zbot

Link:

https://www.filescan.io/uploads/626dcdfc62b1ae4451c46d7c/reports/e343a443-bce5-409f-9221-0869adc49b7f/overview

Malware family:

Pony

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/18646eec-daff-401b-ac07-28ac98f0f058

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/986012

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/038d193463fc5a9d70c3a58def893bfa586331bf93fbca411b26fd034d1f7ffb/

Threat name:

Win32.Infostealer.Fareit

Status:

Malicious

First seen:

2014-03-27 16:26:00 UTC

AV detection:

20 of 26 (76.92%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=aogrsndd7rnj24gduwg67cj37jmggmn7sp54uqi3e36qgti7p75q._file

Verdict:

unknown

Similar samples:

06db093414f42d7669e57d31a8d563c71018e8d75c886244b77a6a9bc86b6fdb

47e9b75457446a3b3c86622dd282065b0f88603e2c009670c1f7eaf00183a407

549953d5db2a4646740e721e24ec1b7fa57ef6c4d72ffa32752b17d4a65c36e4

5ce9dedae33e348bed0fc2fa2f8831adc8263177b7d2674dc634cd2709beba09

9217d926826128058e86a2a2bba020ea38062503648e320194b22d1ade0ffee9

a0ffdf30527a07da8149e4c77d77a128b4ad1c5db544daad46a55756684a54dc

bf857a8b64347b8df2cced82c84b9db3bb3139d481bead89e641e819cce1d4d3

+ 464 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/220501-abf48abag3/

Behaviour

Enumerates physical storage devices

Unpacked files

SH256 hash:

038d193463fc5a9d70c3a58def893bfa586331bf93fbca411b26fd034d1f7ffb

MD5 hash:

7ce775122242f916ce850a1682318374

SHA1 hash:

44d8b76bd320d6dd43fccc2c8b4ea40dcc0f40c2

Link:

https://www.unpac.me/results/5f2dd528-1d4f-44a2-bbc4-ccc965723057/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.40

Link:

https://yomi.yoroi.company/submissions/038d193463fc5a9d70c3a58def893bfa586331bf93fbca411b26fd034d1f7ffb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/268015/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample