MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 194ee17c8e6427e264d1293dfa527bb803c7dda931007a6a081eb5de7ae85a9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Pony
Vendor detections: 3

SHA256 hash: 194ee17c8e6427e264d1293dfa527bb803c7dda931007a6a081eb5de7ae85a9b
SHA3-384 hash: a01ee4a8fb80502e71fa174d841c182e3eb4c38c2d673eda93bfecb240d64d3d5f1c769dee159eb9ab46f9e8560983b5
SHA1 hash: 2592441e283df2a3fd675825a06b2254ef7d1972
MD5 hash: 7133ba184eb2ac2d41ba11b1f2f8436c
humanhash: uncle-skylark-monkey-cup
File name: DHL AWB 13042500307_PDF.gz
Signature: Pony
File size: 191'814 bytes
First seen: 2020-07-03 06:17:44 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 3072:6rnhCUv1Y6SNVr2GJWJX5LJdU2s+kl+KvGW/t8DevnsjGc0WlxFkIthsMDwsJcbX:MTvCZt2GcX54fJl1i60P0WlZhsurJzc
TLSH: 9A1423577D06D8EA7145940D30CE0EC1C2B537F8498E2DFF4DB42A69B1D9AB29ABB0C4
Reporter: abuse_ch
Tags: DHL Downloader.Pony gz Pony


abuse_ch
Malspam distributing Downloader.Pony:

HELO: cpanel3.centrin.net.id
Sending IP: 202.146.241.47
From: DHL EXPRESS© <amelia@sinokor.co.id>
Subject: Electronic invoice generated by DHL Express_Invoice 03-07-2020: Air Waybill no 13042500307
Attachment: DHL AWB 13042500307_PDF.gz (contains "DHL AWB 13042500307_PDF.exe")

Pony C2:
http://mci-consultant.id/ol/panelnew/gate.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 773
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-03 06:19:04 UTC
AV detection: 34 of 48 (70.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Pony
    gz 194ee17c8e6427e264d1293dfa527bb803c7dda931007a6a081eb5de7ae85a9b (this sample)
      Dropping: Downloader.Pony

Delivery method: Distributed via e-mail attachment

Comments