MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 729c73ab057bc16133a582db643fc4654c806e76fa70d98dd82923b4f198c285. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 729c73ab057bc16133a582db643fc4654c806e76fa70d98dd82923b4f198c285
SHA3-384 hash: 8831d823ff4d4010f88b1272601fee2646aea9940565cc7315652dc98d640a14ded2315d2006be3f1444769453092122
SHA1 hash: f124305e10683b53f64d06242a6b700b374e74b1
MD5 hash: 13ef9b3dc0eee66c59d9237a23babf41
humanhash: uranus-double-artist-fix
File name:13ef9b3dc0eee66c59d9237a23babf41.exe
Download: download sample
Signature Pony
Create hunting rule
File size:77'824 bytes
First seen:2020-06-01 08:01:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 94fc2678244386207c4fb6b67d1af27e (1 x Pony)
ssdeep 768:AVMXu5mHNB/8+pVgM6Ywi87GEmoJyh4r0FlCTavf2yYAg8qzbEeJ/Em:AVM+stB/8kgM5wiS6h4zTmIzbE
Threatray 943 similar samples on MalwareBazaar
TLSH 9E733A2EBE4440B5F85585B16999E563B72ABC3154065F0B72006E9AF832D87FCF073B
Reporter abuse_ch
Tags:exe Pony


Avatar
abuse_ch
Pony payload URL:
http://ratamodu.ga/~zadmin/group/pm_FBUoVd204.bin

Pony C2:
http://egamcorps.ga/~zadmin/pmark/pm/info.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
129
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.NetWire-7993066-0
Create hunting rule

Win.Dropper.NetWire-7993073-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 11:40:45 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=okohhkyfppawcm5fqlnwip6emvgia3tw7jyntdoyfer3j4myykcq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1403d5f33c1379c32f1cb03b1c72d317b81541532647386e7aef8ba51f4c18c6
Pony
32988d9efdef04149dafb7aad85acfc026b906452b1c6a11b5e8402157d20691
Pony
5c28300cdf3427d16bba325ac19073a5ea652183b8ee79cdc979dbcd9727bb27
Pony
6d043b33b33e6baaf7514b9ca56f8dbd8aa57bc71a9040bf438bc780c1a4ad5f
Pony
a0ef6565b8fed20e76a7fc22c4627c0a62b6d5bdc3b79b7901a00e236060ee2b
Pony
ca29da046b516565cd41c9bb5d9ba29f8a8f9f7fc5d64a42a46b276c55874074
Pony
d99947df7b80d4cf1f998cd4c205df67be0afc6ab0d9b4d92988b1aeccc1bf0c
Pony
daa83b31dedd9baabaa012bf052e93e0b378fd00d7c8f8b18ddd8665e04aeb4b
Pony
f1f8f362f768269887febcea5bb11b4ece351b3c0b8be3682c6095fc9f3fcae4
Pony
faac07736e1c735a2b4028b9a77bcf0897944e3ce16977c61b6af1b45592d6b0
Pony
+ 933 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ns81hpm98j/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Pony

Executable exe 729c73ab057bc16133a582db643fc4654c806e76fa70d98dd82923b4f198c285

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/373113/
  
URLhaus
https://urlhaus.abuse.ch/url/366100/
  
Delivery method
Distributed via web download

Comments