MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67e7ed3551603dbb12c09c7b37bb6c1d45188436e9c6683d986064dad9649a4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 67e7ed3551603dbb12c09c7b37bb6c1d45188436e9c6683d986064dad9649a4f
SHA3-384 hash: 20390381002127e2a923b82aa90a85db75809e2053841b72927ad6249ee0a8acfae3e636919953915f775bc59efd0153
SHA1 hash: 699b82471f00c0b7b2f8d1a7b79fb97e62c28647
MD5 hash: b1e06b3820fa0dd6b4f150b6ba21cc08
humanhash: violet-six-muppet-cup
File name:Document Copy.gz
Download: download sample
Signature Pony
Create hunting rule
File size:368'411 bytes
First seen:2020-06-15 07:43:32 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:fvkzTReQnTcKzZ9HNbMbIjBi3VkJbgur2mehpIhG6Sxr/ESJqC:f2e+Tb9HuN3V9ur2mefXZMOD
TLSH 907423FED1931008FDCF88E56BF56C698B8AA18D6C4700BB7CF664224F865B5B44D18B
Reporter abuse_ch
Tags:Downloader.Pony gz Pony


Avatar
abuse_ch
Malspam distributing Downloader.Pony:

HELO: staging.maykenbel.com
Sending IP: 195.12.49.182
From: Rafał Gąsior <rafal.gasior@astoria.pl>
Reply-To: Rafał Gąsior <rafal.gasior@astoria-pl.com>
Subject: RE: URGENT-Confirm Account Details/SOA Feb-May
Attachment: Document Copy.gz (contains "gunzipped")

Pony C2:
http://shinhan-vina.com.vn/hh/panelnew/gate.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
504
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Smdd-6922230-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Win32.Injector.EMHC.21704.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 07:45:04 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m7t62nkrma63wewatr5tpo3mdvcrrbbw5hdgqpmymbsnvwletjhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

gz 67e7ed3551603dbb12c09c7b37bb6c1d45188436e9c6683d986064dad9649a4f

(this sample)

Pony

Executable exe 044ead01325ba352582421e78cce54811b6075e28486a8d1f4a9542da786f228

  
Dropping
MD5 e39ed02fe8b90dbcb8ca4e6d7c164554
  
Dropping
Downloader.Pony
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 044ead01325ba352582421e78cce54811b6075e28486a8d1f4a9542da786f228

Comments