MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 221c59874d50570509a471bc3c91f9ea8404ac1dc15349e5c6c887ab28c5b5fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Pony

Vendor detections: 3

SHA256 hash: 221c59874d50570509a471bc3c91f9ea8404ac1dc15349e5c6c887ab28c5b5fa
SHA3-384 hash: 0e5882748d8d4979698fbc149b068788ab846a6a11ba2de7aca5cb8a7f87ab14125799bd9265c18dd7a569693d8048ed
SHA1 hash: 4f780430a279efb177a0ca2957f796596d04c4d4
MD5 hash: a1e8d20a567b709aa412c2a74d70dc6a
humanhash: pip-thirteen-avocado-magnesium
File name: ORDER-A01KS06499.zip
Signature: Pony
File size: 466'984 bytes
First seen: 2020-06-17 05:56:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:ngqWkIUlVS63HjyeDcvcgbFGWiDHLvwhL5XFanuAvBD:fWkHVS63Hj/aQOhFouEBD
TLSH: 64A423DA622B4433FADEC599E7E33C92506340284A5B8B77C07EA5C47FC9D21D934263
Reporter: abuse_ch
Tags: Pony, zip


Comment by abuse_ch:

Malspam distributing Pony:

HELO: newspamfilter1.mailnara.co.kr
Sending IP: 121.189.61.170
From: Al Meraj Travels <almeraj786@hotmail.com>
Subject: P.ORDER
Attachment: ORDER-A01KS06499.zip (contains "ORDER-A01KS06499.exe")

Pony C2:
http://cryptobaltic.lv/lv/panelnew/gate.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 544
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-17 05:58:05 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  -> Pony
    -> zip 221c59874d50570509a471bc3c91f9ea8404ac1dc15349e5c6c887ab28c5b5fa (this sample)
      -> Dropping
        -> Pony

Delivery method: Distributed via e-mail attachment

Comments