MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d564f88c4c69a2f65bc98083b9a289236db433e6d4b2a649b22f2e2a8ed6d73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Pony

Vendor detections: 6

Intelligence 6 IOCs YARA 3 File information Comments

SHA256 hash:	2d564f88c4c69a2f65bc98083b9a289236db433e6d4b2a649b22f2e2a8ed6d73
SHA3-384 hash:	25f676ca661080e690d5c4cb95cc48b92213100786ca97db4f85d9209edafc7ef458de971f2e80db39bbf7eb54834437
SHA1 hash:	712ccb22f6fc92a894014cff15528d756a75c6e8
MD5 hash:	39ad6e132e71fd6f265eb2c229686dcb
humanhash:	asparagus-gee-wisconsin-west
File name:	Statements Of Account.exe
Download:	download sample
Signature	Pony Create hunting rule
File size:	525'824 bytes
First seen:	2021-07-13 18:08:42 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	12288:Pdlxnp9UAlRwBpE5py3xMWR+JZgCl5h1OlJV:5U4RwBMpy3WW4JiSB2n
Threatray	3 similar samples on MalwareBazaar
TLSH	T1B3B4122A2DFD51B9D1729F7622E139628A7EF6327207F14D1489074A4707B81ECE2B39
Reporter	malwarelabnet
Tags:	exe Pony

Intelligence

File Origin

# of uploads :

# of downloads :

598

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Statements_Of_Account.exe

Verdict:

No threats detected

Analysis date:

2021-07-01 14:12:37 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/13fe5928-fbd5-4b7f-b48d-adad8d83bd0b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/171486/

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.900-1.UNOFFICIAL

Win.Packed.Generickdz-9877891-0

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b9198224-a9fc-4c56-b4f4-5c7319ceec37

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/815809

Signature

.NET source code contains very large strings

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected AntiVM3

Yara detected aPLib compressed binary

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2d564f88c4c69a2f65bc98083b9a289236db433e6d4b2a649b22f2e2a8ed6d73/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2021-07-01 12:43:48 UTC

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fvle7cgey2nc6zn4taedxgrisi3nwqz6nvfsuze3elzofkhnnvzq._file

Verdict:

unknown

Pony

29fbf1d4da3f7b2aa2c388ba6af3e3e48f437c8a7acec3cc9911f591e52cb0b4

Pony

c5b56bcdb7672777ac9f2ed52d73eb7645310d54d93582f48296277efa006561

Pony

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/210713-5bjjg2x5y6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

5bede9eedf6ae6df5a9d587c116c9583b31474c159c2b53486b000093cb3fde6

MD5 hash:

072eeac61b35d3f09edee4ff4f80f52d

SHA1 hash:

696fd9905a47e526470c2e234fef32f1ec1b74ad

Link:

https://www.unpac.me/results/82e09883-b912-40b4-a073-06dbb62425d8/

SH256 hash:

bfdda21067d9684f8cc6f38cf25ee73dce09f757a9a0711c541b4ae29fc0fa1f

MD5 hash:

beba071e8839eae8132fda0b7e02f2cf

SHA1 hash:

876664cbe130451f858c3775ef5fc3d9de3b427e

Link:

https://www.unpac.me/results/82e09883-b912-40b4-a073-06dbb62425d8/

SH256 hash:

bad5c9039b9dab410bbbf96203b7992db77ca91bee96d6bcad93e78732d9e080

MD5 hash:

9fae4a9a065d93587f8220863b03f17f

SHA1 hash:

f079a13701f12c5f3d9d8b8d229f28e5d8ffbaa9

Detections:

win_pony_g0

win_pony_auto

Link:

https://www.unpac.me/results/82e09883-b912-40b4-a073-06dbb62425d8/

Parent samples :

64fe753151b9031725f678753f28e119f65e4b7b8664a1c69aefba2f72473355
2d564f88c4c69a2f65bc98083b9a289236db433e6d4b2a649b22f2e2a8ed6d73

SH256 hash:

2d564f88c4c69a2f65bc98083b9a289236db433e6d4b2a649b22f2e2a8ed6d73

MD5 hash:

39ad6e132e71fd6f265eb2c229686dcb

SHA1 hash:

712ccb22f6fc92a894014cff15528d756a75c6e8

Link:

https://www.unpac.me/results/82e09883-b912-40b4-a073-06dbb62425d8/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.38

Link:

https://yomi.yoroi.company/submissions/2d564f88c4c69a2f65bc98083b9a289236db433e6d4b2a649b22f2e2a8ed6d73

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/171486/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample