MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04a82e23e8f41f5d6f7c69c4d755cf1e4f22aa144eef15bd71288e111e2f079b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Pony
Vendor detections: 3



SHA256 hash: 04a82e23e8f41f5d6f7c69c4d755cf1e4f22aa144eef15bd71288e111e2f079b
SHA3-384 hash: efac68353af6881d304187a624ff1706678003a8b72c74e100fd602e121b2cbe97d1dd867eb62de3a2d115e78fc1b877
SHA1 hash: 5f51e980a9f71362900630cc73c3056b71232a61
MD5 hash: d8eb1d5532f2a3a2c1a973580c7d9d96
humanhash: zulu-victor-ten-johnny
File name: Shipping Documents.z
Signature: Pony
File size: 169'577 bytes
First seen: 2020-05-10 07:51:46 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:+YU8cmYdYiz5whiiRq9ILg7avMjYntA0zA8ysAWdFeo9doPnRxEUJU5BIc0Q31hR:+Y1cmYdYi0Pqz7NYthzpysAW39dCnRxI
TLSH: 4CF312D6AE8A18847F6C362EC6C5E2C365578F953B22F2DF064064E7BCFA16043AD911
Reporter: abuse_ch
Tags: DHL Pony z


abuse_ch
Malspam distributing Pony:

HELO: mail.saxco.com.my
Sending IP: 116.0.120.79
From: DHL Customer Service <Italy@dhl-news.com>
Subject: RE: DHL Pakistan (Pvt.) Ltd Copies of original shipping documents
Attachment: Shipping Documents.z (contains "qxHaVt5PjLDB5hS.exe")

Loki C2:
http://23.94.30.178/~brosxciv/k/panel/gate.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 458
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-10 08:35:43 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 17 of 48 (35.42%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: Pony
Sample: zip 04a82e23e8f41f5d6f7c69c4d755cf1e4f22aa144eef15bd71288e111e2f079b (this sample)
Dropping: Pony
Delivery method: Distributed via e-mail attachment

Comments