MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31ca432734bc4854e948fc0bdb2d14da67c6e5759cd54980e1ad0858b8102ec7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 31ca432734bc4854e948fc0bdb2d14da67c6e5759cd54980e1ad0858b8102ec7
SHA3-384 hash: 5112e677a57105f2354bafe737f1600a2a6b577043e959b3807c6e04dbf5154c13eb9b6afe20bbbf3d75fa8bb5f39017
SHA1 hash: eb47f98975edc9b340fbe52176e0d903bd1fd4fb
MD5 hash: 06765254fa14e550e6bcee092cb37b18
humanhash: asparagus-jupiter-pluto-high
File name:SecuriteInfo.com.Win32.Injector.ELDR.23797
Download: download sample
Signature Pony
Create hunting rule
File size:77'824 bytes
First seen:2020-03-19 18:03:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 86def179ace6d501cd8c6edd44bbae51 (1 x Pony)
ssdeep 768:19d5wr+XFF+ml+VrrjTxwFbto6KWe+BtwmRl8TTZ3lob9MqXQQMKdfhCivQ:1j5HV0y+Vrb2r93RlAPQ9qFt
Threatray 1'039 similar samples on MalwareBazaar
TLSH A5737C13F780E921D478CB7E6C5ADAD11053BC656992D68B32907F0F68F10E28F5AA39
Reporter SecuriteInfoCom
Tags:Pony

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Vebzenpak-7639494-0
Create hunting rule

Win.Trojan.Vebzenpak-7639767-0
Create hunting rule

Win.Trojan.Generic-7640133-0
Create hunting rule

Win.Trojan.Vebzenpak-7640209-0
Create hunting rule

Win.Trojan.Vebzenpak-7699953-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-19 15:48:24 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 30 (90.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ghfegjzuxrefj2ki7qf5wliu3jt4nzlvttkutahbvuefroaqf3dq._file
Verdict:
malicious
Label(s):
pony
Create hunting rule
guloader
Create hunting rule
Similar samples:
22cb196542d83d6a2fece818c7fc714bdfb6daf6f71ffc8ace80e0e9d5c7cfde
Pony
46f8fc3fce1ea9a75ddf3756a7bcdd1fea6b5d86717dfef472a4177d4bb8ab8e
Pony
49f23a6aa07ad1617e09d06680a7e2544ba8daa9295285405b7c82ab96b8a335
Pony
5623df29bdeb9756ab512f3c77dd11725878939a0b8d98726798d8604ab60dfa
Pony
87dc16528521b99284a5d7e466d1cd5047c3ca27caaa05a0ea6ccd11b63dd3b8
Pony
9026e9b714998846a26087ed7f5a276b1399204a1e34d469571a7301ce720931
Pony
98adccc8a599f53904c5cd22c7398d6b692c642807cab71f1ab6d2dc65e1c5a5
Pony
e33cc945d6b0681de6b34b52f0cb609676cdf5f3ecf61f4122b64d7a7e74b5ca
Pony
e4b839be39665555c0637a45d7835cf5aed0633b9d3b3c72b0c3710555cf2eb0
Pony
eadde88c8f7d7dcd4174654c77714475743d46b6314f56790e04da399f62f878
Pony
+ 1'029 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/31ca432734bc4854e948fc0bdb2d14da67c6e5759cd54980e1ad0858b8102ec7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Pony

Executable exe 31ca432734bc4854e948fc0bdb2d14da67c6e5759cd54980e1ad0858b8102ec7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/327089/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments