MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a8b4b69fbf5af1daaea347d7b8ee7e202f8beabf364f7e95f6784db66a23daa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 11


Intelligence 11 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1a8b4b69fbf5af1daaea347d7b8ee7e202f8beabf364f7e95f6784db66a23daa
SHA3-384 hash: bf922478953ce1999238da3a9a064c14adef3054a432f9414ca6b30ac0b90d330e32da46ea364e8b9e2aa92d2d6edb0b
SHA1 hash: 5177d1382831023566aa0e50daaa6cbabd4caae4
MD5 hash: bdf36feb6f6a8d394785185a95a60a03
humanhash: avocado-wolfram-iowa-don
File name:1A8B4B69FBF5AF1DAAEA347D7B8EE7E202F8BEABF364F.exe
Download: download sample
Signature Pony
Create hunting rule
File size:159'744 bytes
First seen:2021-11-07 12:50:58 UTC
Last seen:2021-11-07 15:18:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6ae6659a9d12d06175669debb5b3247f (1 x Pony)
ssdeep 1536:yD/1if2V0ZVKo0zB1QFXQIUrkFOxf6iFAE8OUjAmasPUGvtyklJIea4Jk3p0Z:SrAVf0zsFAIakyfna5BU2skrIyJk3ps
Threatray 1'614 similar samples on MalwareBazaar
TLSH T1C5F3E1E4121AF8E2F555A73B8D75CAE217296F144F201B50A2D071AB4638D1ADF2F31F
File icon (PE):PE icon
dhash icon 70694c7cfcccc8f0 (1 x Pony)
Reporter abuse_ch
Tags:exe Pony


Avatar
abuse_ch
Pony C2:
http://agulino.com/panel/gate.php

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://agulino.com/panel/gate.php https://threatfox.abuse.ch/ioc/244862/

Intelligence

File Origin
# of uploads :
2
# of downloads :
608
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Pony
Create hunting rule
Link:
https://www.capesandbox.com/analysis/203021/
Detection(s):
SecuriteInfo.com.Heur.PonyStealer.jm0@ciY5Lmnb.27756.21315.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
fareit loki pony
Link:
https://www.filescan.io/uploads/6187cbb843a4f74809123c83/reports/10e55148-8953-4603-9fe7-31e483cc805f/overview
Malware family:
Pony
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c77e8f9d-656d-405f-85fc-670e926adb85
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/884775
Signature
Antivirus / Scanner detection for submitted sample
Found detection on Joe Sandbox Cloud Basic with higher score
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1a8b4b69fbf5af1daaea347d7b8ee7e202f8beabf364f7e95f6784db66a23daa/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2017-10-23 14:39:05 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dkfuw2p36wxr3kxkgr6xxdxh4ibprpvl6nspp2k7m6cnwzvchwva._file
Verdict:
malicious
Similar samples:
04e561913818e236846b11ce9dc11e40ca04e86e55c1ec314d1aedd2435b221b
Pony
448379f1a0a59fa0a84180351e48559c9ed7ea6875cdd525782b714a77a2fff9
Pony
4a27f9816dec1c18870712cde14590b8cd84e6fa5a92dc7488f8522b9f5c7911
Pony
773873a915db516ec70cc2ef28da691539af10d2aede89835f3f776f9c9afa04
Pony
99b13841abbf0c2bf736ab08e0e7f48cd28cab2e69eff60399de65e0eced2e68
Pony
a6ab3a1ec39d3a4c0660bbfdbe8cbbdd89d9278cca176d7bff77d7aab00dd7ed
Pony
ae4d46e3c772093c5ad9ee27e412f11e6be6923a1efeca80b1dba5d1fef8f62e
Pony
afc7d530c112b47cd33295262f533df60f12568ede477091434381b0d6a2cc8c
Pony
b9a9ec05af5b7ca80af675e1c9a6d1582775d1949d35b475111a8a8b32ac4a2a
Pony
cecab4db1eb666098828a5161c7a2c894b24f42fe7261b8231e766e1ce9a0794
Pony
+ 1'604 additional samples on MalwareBazaar
Result
Malware family:
pony
Create hunting rule
Score:
  10/10
Tags:
family:pony collection discovery rat spyware stealer
Link:
https://tria.ge/reports/211107-p3gx6aabh6/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
outlook_win_path
Enumerates physical storage devices
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
Deletes itself
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Pony,Fareit
Malware Config
C2 Extraction:
http://agulino.com/panel/gate.php
Unpacked files
SH256 hash:
37c84b93fe08460f8c1ce0c99e6e99aa29d349574d912ab1a605e0200a8f2903
MD5 hash:
04b7741d5fcd2668c81cc97a591de87d
SHA1 hash:
cad05bc6086a5e56cba6652a4eb34e870aab25f9
Detections:
win_pony_g0
Create hunting rule
win_pony_auto
Create hunting rule
Link:
https://www.unpac.me/results/b9929663-d729-45bd-ac45-749da2d8cf48/
SH256 hash:
1a8b4b69fbf5af1daaea347d7b8ee7e202f8beabf364f7e95f6784db66a23daa
MD5 hash:
bdf36feb6f6a8d394785185a95a60a03
SHA1 hash:
5177d1382831023566aa0e50daaa6cbabd4caae4
Link:
https://www.unpac.me/results/b9929663-d729-45bd-ac45-749da2d8cf48/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/1a8b4b69fbf5af1daaea347d7b8ee7e202f8beabf364f7e95f6784db66a23daa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/203021/

Comments