MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d5d1e9d0448bf1c30aa02818c5a4573b2af5d387c9cc63bef13bd3410a6ac0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5d5d1e9d0448bf1c30aa02818c5a4573b2af5d387c9cc63bef13bd3410a6ac0f
SHA3-384 hash: 901c78b8c56c3b213e363c4c34f340db30d1ef93366bc50af9fa9a7989fe073bdff195b75629858a2e4980fd7fe0b86d
SHA1 hash: 3031865d74158611c89696f4f17f456442663fad
MD5 hash: db4a86de5666afbe587550781be436d6
humanhash: juliet-wolfram-ink-hydrogen
File name:RFQ-DOCSX.zip
Download: download sample
Signature Pony
Create hunting rule
File size:534'561 bytes
First seen:2021-03-21 06:56:00 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:nxtDHy91PXh7jNgPZkF2QJ1oo0/TBF2eE/WgqHWNRWkpDfo:nL41jvF2QQn/T/yjq2rDfo
TLSH 19B423EE63AAF1992C4CE65E31E858666F53D17F15F8934D60EA50BE048C1C0CC2DBB9
Reporter cocaman
Tags:zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Madiha Rasheed <brianc@bergner.com>" (likely spoofed)
Received: "from bergner.com (unknown [192.30.241.68]) "
Date: "21 Mar 2021 01:16:36 -0500"
Subject: "Request for quotation."
Attachment: "RFQ-DOCSX.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
252
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.1272.18980.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/5d5d1e9d0448bf1c30aa02818c5a4573b2af5d387c9cc63bef13bd3410a6ac0f
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5d5d1e9d0448bf1c30aa02818c5a4573b2af5d387c9cc63bef13bd3410a6ac0f/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-03-21 06:40:08 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
2 of 47 (4.26%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lvor5hiejc7rymfkakayywsfoozk6xjypsommo7pco6tiefgvqhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5d5d1e9d0448bf1c30aa02818c5a4573b2af5d387c9cc63bef13bd3410a6ac0f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

zip 5d5d1e9d0448bf1c30aa02818c5a4573b2af5d387c9cc63bef13bd3410a6ac0f

(this sample)

Pony

Executable exe f0883adc5b8236f709c190d5fef08f4bcca554f9e56c7519eb1d34353348cbe5

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f0883adc5b8236f709c190d5fef08f4bcca554f9e56c7519eb1d34353348cbe5

Comments