MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2260dc5828c2da995515160bf804528efab122f59410607faebe1f7ed7c92afa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2260dc5828c2da995515160bf804528efab122f59410607faebe1f7ed7c92afa
SHA3-384 hash: 55d658de997dd655a31ca6949b91d60a5cac031bf94e22db5bc6f0575d79f0d60cc6897a738538728edb5559d8addc63
SHA1 hash: 68dd6f68c5ebb7dff057a20433c4294d01593d3b
MD5 hash: c811e0fd992325627f0336c4f1869d75
humanhash: kansas-louisiana-april-salami
File name:document01.image.scan--11.jpg.zip
Download: download sample
Signature Pony
Create hunting rule
File size:436'237 bytes
First seen:2020-07-07 18:24:29 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:WZmb+ihNOkopf7sLoxCdoOPqgp895YF4I4:yw+iPOkopTsLbPvpUg4V
TLSH 3D942371490FB5272234E0FE299A15B63C3163932B7D36B9EF16D87A03DC46981B069E
Reporter abuse_ch
Tags:Downloader.Pony MailChannels Pony zip


Avatar
abuse_ch
Malspam distributing Downloader.Pony:

HELO: cat.oak.relay.mailchannels.net
Sending IP: 23.83.215.31
From: Martin Hrašč <accounts@omanautism.om>
Subject: PO
Attachment: document01.image.scan--11.jpg.zip (contains "document01.image.scan--11.jpg.exe")

Pony C2:
http://kanavagronomy.in/star/panel/gate.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
794
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.23633.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2260dc5828c2da995515160bf804528efab122f59410607faebe1f7ed7c92afa/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 18:26:06 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ejqnywbiylnjsvivcyf7qbcsr35lcixvsqiga75oxypx5v6jfl5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

zip 2260dc5828c2da995515160bf804528efab122f59410607faebe1f7ed7c92afa

(this sample)

Pony

Executable exe 240cb0b0443f8e63dc65887da08db0b05a6912be194bd870b07e4cd86865d12a

  
Dropping
MD5 0189f099f1d4340903c64c40fcf3d3a2
  
Dropping
Downloader.Pony
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 240cb0b0443f8e63dc65887da08db0b05a6912be194bd870b07e4cd86865d12a

Comments