MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 607976ecb6ae8202d98ff52def53ce73ece753a830bf55d9c638c10bbe06574c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 607976ecb6ae8202d98ff52def53ce73ece753a830bf55d9c638c10bbe06574c
SHA3-384 hash: 42515912192123230a53137fa495d74cda0f442edf60ff00c8a2d21680d601b37f1bd13218d70da822570518c6df1d95
SHA1 hash: 6b1ef7df6d78467d1579c0d33baa235550ec8307
MD5 hash: bc3a92b227d00c00e2ed4fa73e352b4e
humanhash: bulldog-mobile-whiskey-nebraska
File name:607976ecb6ae8202d98ff52def53ce73ece753a830bf55d9c638c10bbe06574c
Download: download sample
Signature Pony
Create hunting rule
File size:229'376 bytes
First seen:2020-03-24 07:33:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 24d9087edb30b59a5e0ef6448475e573 (1 x Pony)
ssdeep 1536:4Jh04hxNkZ0DWpCFe83pF5m40T2PM1jcwaUfRFLEMCX7lIzBbDpQmGOrWUJ3F5hd:0hTXD6CFeCRmv2PYw/yK5YKOrW6Eqwy
TLSH 7A249E12A07AC691F736BE32A673561A3903D227893F294AC615053E1B373C1AD2F7D7
Reporter Marco_Ramilli
Tags:exe Pony

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBEmailGen-6231041-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2017-03-30 05:17:59 UTC
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
pony
Create hunting rule
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Pony

Executable exe 607976ecb6ae8202d98ff52def53ce73ece753a830bf55d9c638c10bbe06574c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/250599/
  
URLhaus
https://urlhaus.abuse.ch/url/250605/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments