MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4188d06ab94a8883fd4864b3690168649de6f1ae86d8b2c6a2778f7f46a60e02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Pony

Vendor detections: 4


SHA256 hash: 4188d06ab94a8883fd4864b3690168649de6f1ae86d8b2c6a2778f7f46a60e02
SHA3-384 hash: f59d3a2a7e9681e536189f36f941c165ccb80752f499cf4a214fe90dcd97f5aac63b53c97981b96429b834479b461c88
SHA1 hash: f56e3029d26b918faad566c5302bb0b9207df90b
MD5 hash: 81c85d34f5ae9d8244cf33eb21769f58
humanhash: minnesota-apart-autumn-sixteen
File name: Dogovor + schyot za maj.exe
Signature: Pony
File size: 234'560 bytes
First seen: 2020-06-08 07:58:14 UTC
Last seen: 2020-06-08 14:51:11 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 90e686cb1a06673cf496ecb60df264c9 (1 x Pony)
ssdeep: 1536:GYG1cb4KdccyqPkBcXP2Efcyi0pfe/kkOzn+5SVn9kakdx:DGW4KOL0pcWp0kkOznPVn9kakdx
Threatray: 145 similar samples on MalwareBazaar
TLSH: E234C184A8E7C939DD31D47B94D1E5124532B9E33F74EE4B33987946E926AE9B000E33
Reporter: abuse_ch
Tags: exe, Pony

Code Signing Certificate

Organisation: FZTGPOSILABREJWBRA
Issuer: FZTGPOSILABREJWBRA
Algorithm: sha1WithRSA
Valid from: Jun 6 12:43:32 2020 GMT
Valid to: Dec 31 23:59:59 2039 GMT
Serial number: -7D4870B1DDC05D40BF102D75E6E1221E
Thumbprint Algorithm: SHA256
Thumbprint: 7F0140CEC9A5FA264841BA9FAA82A3D16BB418F4AFF2549682DD4154965E363F
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


abuse_ch
Malspam distributing Pony:

From: Виктория Ефремова <lezhnin@mostotrest.com>
Reply-To: Виктория Ефремова <anastastbobrova46@rambler.ru>
Subject: =?utf-8?B?0JTQvtCz0L7QstC+0YAgKyDRgdGH0ZHRgiDQv9C+0L3Q?==?utf-8?B?tdC00LXQu9GM0L3QuNC6?=
Attachment: Dogovor + schyot za maj.001 (contains "Dogovor + schyot za maj.exe")

Pony C2:
http://151.80.194.90/p/z05857687.php

Intelligence


File Origin
# of uploads: 3
# of downloads: 140
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-08 08:00:07 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

Executable exe 4188d06ab94a8883fd4864b3690168649de6f1ae86d8b2c6a2778f7f46a60e02 (this sample)

Delivery method: Distributed via e-mail attachment