MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e089c955c45652c6fbcec4c870a6cea91ae2958442b10bd439521de8bbc66be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Pony


Vendor detections: 3



SHA256 hash: 6e089c955c45652c6fbcec4c870a6cea91ae2958442b10bd439521de8bbc66be
SHA3-384 hash: 685502d3d2d1a3addc85b6990a7d13daa7708afe3ac2ddbd66d3ca0492906c67aabd3dbeb190c95a76335d00adecfe53
SHA1 hash: 32dcc9c5b3b702b7d5200484fe25bda6da408847
MD5 hash: 709edb28b681be7bfb8345edb88cd6d5
humanhash: enemy-leopard-mirror-single
File name: PO 64774.rar
Signature: Pony
File size: 281'708 bytes
First seen: 2020-06-26 11:38:35 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:XkSXkRdLp9dJTcXqEyJ2EHswVMA6eEFO8DLjMm2H1n4:XkSXST9DKhidzMNeEdDLjMm2V4
TLSH: 9A54235031F0BD16B7865BE42F1C5E61BA19749DA2E832C48433EB52F592F94F2E36D0
Reporter: abuse_ch
Tags: Pony rar


abuse_ch
Malspam distributing Pony:

HELO: slot0.mcleeria.com
Sending IP: 45.95.169.81
From: "CMP Company (Taiwan) Limited" <info@mcleeria.com>
Subject: Quote-PO 64775 Attached
Attachment: PO 64774.rar (contains "KPAW.exe")

Pony C2:
http://globalex.uz/rot/panelnew/gate.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 775
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.FormBook
Status: Malicious
First seen: 2020-06-26 11:40:07 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

rar 6e089c955c45652c6fbcec4c870a6cea91ae2958442b10bd439521de8bbc66be (this sample)

Dropping: Pony
Delivery method: Distributed via e-mail attachment
