MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c83ffb90747aeeb7f76bf991cee403487725509a30e49a2771afe23e5b5b26b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Pony


Vendor detections: 4



SHA256 hash: 5c83ffb90747aeeb7f76bf991cee403487725509a30e49a2771afe23e5b5b26b
SHA3-384 hash: f854333e9e90f8a4e027fcb39d1faefe640d25f6379d0b74fb06c1cde28778b7d60442894527f8595656a4a4bbb52bfd
SHA1 hash: 32efe48149bad9bf6b12b0be31035cb35caf715c
MD5 hash: 341c680bfc73a3e2b36090917c9832dd
humanhash: nineteen-oven-violet-echo
File name: QUOTATION_242020,9.pdf.gz
Signature: Pony
File size: 412'842 bytes
First seen: 2020-09-25 13:19:28 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:8I0KzUKSJ2NCa+0gudVak04iC7QhQU5IDd:R0Kz7JCOdVZ04beQMQd
TLSH: E994234C80E54672ACECB937445702A4C11B21FB8D4A790A5EBF22F67547882EFDC67B
Reporter: abuse_ch
Tags: gz Pony


abuse_ch
Malspam distributing unidentified malware:

HELO: mxten.stunnermedia.com
Sending IP: 66.115.170.52
From: MD Moin <purchase@darwish-tdg.qa>
Reply-To: purchase@darwish-tdg.qa
Subject: Request For Quotation.
Attachment: QUOTATION_242020,9.pdf.gz (contains "gunzipped")

Intelligence


File Origin
# of uploads: 1
# of downloads: 833
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-09-25 13:03:34 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

gz 5c83ffb90747aeeb7f76bf991cee403487725509a30e49a2771afe23e5b5b26b

(this sample)

Delivery method: Distributed via e-mail attachment
