MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4fb8dc37db10133ce52d868244771f6232f6ef9deb20fd4354af1ef3b36e2149. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Pony


Vendor detections: 7



SHA256 hash: 4fb8dc37db10133ce52d868244771f6232f6ef9deb20fd4354af1ef3b36e2149
SHA3-384 hash: b8b0e991e6436c941e63224ad38fb1c968e3e1949bf7c5e7801868a6e1888078ee1f1ae3f4d52e05df446aa80ba9c3f5
SHA1 hash: 181c93ea4bd30833aedc06dc801952714bbeee9b
MD5 hash: a74dbc342d064a430478d31aacaaaced
humanhash: wisconsin-mango-seventeen-oklahoma
File name: 4fb8dc37db10133ce52d868244771f6232f6ef9deb20fd4354af1ef3b36e2149
Signature: Pony
File size: 585'216 bytes
First seen: 2020-11-11 11:08:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 11de4653e0d375638864e33af2182820 (2 x Pony, 2 x Loki)
ssdeep: 12288:dmgmEJt5zCREPKfgCfwfYMrvRLTUB9j0uh97sgxVP808:k8TxCREifgCf8rvJTo94MVP
Threatray: 131 similar samples on MalwareBazaar
TLSH: DBC48E2EB2A04C7BD1E32A79CC17C7A86831BD503D2B65457BF55D08BF39E91381A293
Reporter: seifreed
Tags: Pony

Intelligence


File Origin
# of uploads: 1
# of downloads: 374
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware

Behaviour
Creating a window
Unauthorized injection to a recently created process
Reading critical registry keys
DNS request
Sending an HTTP POST request
Sending an HTTP GET request
Creating a file in the %temp% directory
Running batch commands
Creating a process with a hidden window
Stealing user critical data
Brute forcing passwords of local accounts
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2020-11-11 11:10:28 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
