MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65163c2a5608d66d615a284943d5ebf811a78e6ecebec47835b4680a19d07518. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 65163c2a5608d66d615a284943d5ebf811a78e6ecebec47835b4680a19d07518
SHA3-384 hash: d88a5cd0a9589b7147e2567cdb1b02cd8d5282998e85c48c27dce2b14a2a0150f174776b7151c0f6e5646707f5a19551
SHA1 hash: 9e937f904319dbc8d7d8cdef81119ded0db96093
MD5 hash: e35bc27eaa316431da022774ad0b9ab7
humanhash: magnesium-three-nevada-five
File name:Akt sverki nachalo iyulya.exe
Download: download sample
Signature Pony
Create hunting rule
File size:1'021'968 bytes
First seen:2020-07-03 08:30:14 UTC
Last seen:2020-07-03 09:52:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 90dc9de88d5e2f88f5b65eb92c1a7080 (1 x Pony)
ssdeep 3072:62NTuo0ILAuHv5B6YK/5AhNSiMM+WSz48GhF3AoY35ILRI:6UuGUYv5MN5ILMUcAF3C5B
TLSH 7125BE8662AF8D73FC6B363C58722A124617FCA08F34A24E26D0B99D25747C54CF57A2
Reporter abuse_ch
Tags:Downloader.Pony exe Pony


Avatar
abuse_ch
Malspam distributing Downloader.Pony:

HELO: szugan.ru
Sending IP: 84.17.13.118
From: Жанна Медведева <turkova@szugan.ru>
Reply-To: Жанна Медведева <tarasovaek55@rambler.ru>
Subject: Сверка 3е июля
Attachment: Akt sverki nachalo iyulya.001 (contains "Akt sverki nachalo iyulya.exe")

Pony C2:
http://139.180.214.192/p/z05857687.php

Intelligence

File Origin
# of uploads :
2
# of downloads :
472
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Mal.EncPk-APV.9698.6955.UNOFFICIAL
Create hunting rule

Detection:
pony
Create hunting rule
Link:
https://mwdb.cert.pl/sample/65163c2a5608d66d615a284943d5ebf811a78e6ecebec47835b4680a19d07518/
Threat name:
Win32.Trojan.Yakes
Create hunting rule
Status:
Malicious
First seen:
2020-07-03 08:32:07 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=muldykswbdlg2yk2fbeuhvpl7ai2pdtoz27mi6bvwruaugoqouma._file
Verdict:
unknown
Result
Malware family:
pony
Create hunting rule
Score:
  10/10
Tags:
spyware discovery rat stealer family:pony
Link:
https://tria.ge/reports/200703-xf34petps2/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Runs ping.exe
Script User-Agent
Checks for installed software on the system
Accesses cryptocurrency wallets, possible credential harvesting
Deletes itself
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Pony,Fareit
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

rar 2beab06a68f9fe2dbe40ae26497b0226293b67acc89d496b6863594dfd023597

Pony

Executable exe 65163c2a5608d66d615a284943d5ebf811a78e6ecebec47835b4680a19d07518

(this sample)

  
Dropped by
MD5 8c4c1918414c907d3543762c26f66bc4
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 2beab06a68f9fe2dbe40ae26497b0226293b67acc89d496b6863594dfd023597
Cape
Cape
https://www.capesandbox.com/analysis/18663/

Comments