MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f828d81114931700a57bfee54f7f96834506df4ff04f55e414e95223c3797b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Pony
Vendor detections: 3

SHA256 hash: 1f828d81114931700a57bfee54f7f96834506df4ff04f55e414e95223c3797b1
SHA3-384 hash: 4a3ce12debfcb69bdf3c9827a8fddfc6f2b5c48f1687840ba846c1ade3cdd2a14ecf70e0dba847ebba9834c0006209d1
SHA1 hash: fbead9519dbb8284cd339eb6738b060c6b378523
MD5 hash: 2e7fe8702a0f79c6ed0b09dd31b7d957
humanhash: mexico-emma-pasta-muppet
File name: Akt nachalo iyulya.001
Signature: Pony
File size: 129'841 bytes
First seen: 2020-07-13 11:29:46 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 3072:w7u8DeKjxwB6WjDAf5vMsUYWDvNJcO/FuYp89RZOG0B27h39U:wWLoPIFu5LIB2dtU
TLSH: 9FC31276F2D7EBB5224E9821F1A396211DA7D3E63604157127017B8739D8F2C08AEDB3
Reporter: abuse_ch
Tags: 001 geo Pony RUS


Comment by abuse_ch:

Malspam distributing Pony:

HELO: mx.dobrohost.ru
Sending IP: 94.130.22.160
From: Милена Коновалова <aen@pngservice.ru>
Reply-To: Милена Коновалова <tarasovaek60@rambler.ru>
Subject: Док-ты начало июля
Attachment: Akt nachalo iyulya.001 (contains "Akt nachalo iyulya.exe")

Pony C2:
http://91.200.102.242/p/z05857687.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 801
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Zenpak
Status: Malicious
First seen: 2020-07-13 11:31:04 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Pony
rar 1f828d81114931700a57bfee54f7f96834506df4ff04f55e414e95223c3797b1 (this sample)
  Dropping: Pony

Delivery method: Distributed via e-mail attachment

Comments