MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f6d61aae72e86026b0e65e4a499d82a77c4069e0463fb8c9b0697cae522fdb9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5f6d61aae72e86026b0e65e4a499d82a77c4069e0463fb8c9b0697cae522fdb9
SHA3-384 hash: b190f6ecd56678b1f8dff38321bcdc8d8c91a72493bc3e38ff8383a6cb493c84a111d83ef82e75ddb30dec109c86f928
SHA1 hash: c568b37aca379b06ada3c12dbcef37cc276f26e0
MD5 hash: 09eaef554764c312656197e86d893580
humanhash: purple-comet-eight-fifteen
File name:Purchase Order_92.exe
Download: download sample
Signature Pony
Create hunting rule
File size:114'688 bytes
First seen:2020-04-08 14:06:03 UTC
Last seen:2020-04-08 15:04:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 89458d1a5d6739160beaa250223073c6 (1 x Pony)
ssdeep 768:cYDD8DWjDHtNmd8Ur4u8SiO9zAhgpN32mBUt5bd+Hn4yjNKDLFqIwtr0AW2us5hT:rnMWj7md824pSiO9jN3ZB8wH9jNiy1
Threatray 933 similar samples on MalwareBazaar
TLSH 96B3A575BB40FED0F40199B1693A9EAC41E8BD349D483803FAC6376D35B12E5B899B43
Reporter jarumlus
Tags:Pony

Intelligence

File Origin
# of uploads :
2
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Rescoms-7653030-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Rescoms
Create hunting rule
Status:
Malicious
First seen:
2020-04-08 17:19:20 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=l5wwdkxhf2dae2yomxskjgoyfj34ibu6arr7xde3a2l4vzjc7w4q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
Pony
3f180fe3f695de063f953d0c48408aceabbca729b3faa7316926c69650a5f8a4
Pony
4d373131b0d3254d72f1a06ea168267376b8cc8f805daa53963db5f051631967
Pony
77168234eb706333e4835666a00a8fd8e110959660c97e5c5528ed3a3d0f5081
Pony
78f2c94c64775acc935a40cf63103e04ed2ace67a20e8eb533f4a3c2f40d2fe9
Pony
8f4147785131b1c4e30710abb80aa3184ce0d070a0bf557a633a8a0eb8d1a77b
Pony
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
Pony
d6330004986cb2968200bad58cb3f1135e2383d9bdf6894feff0f28f952f4c2b
Pony
de129b85c2c4cd0e7d1817d2a8b3095d02ef8880f6273c88c0ff3cd48a9a9dd8
Pony
f842179b4979090b6435dcc7ae0ffb46d42899fd4a1926c11fadd7e39ca5f505
Pony
+ 923 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments