MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75e1a052a1de345db43373fdda76ed662483bb87c9f797cbcc0c1229f45a969e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 75e1a052a1de345db43373fdda76ed662483bb87c9f797cbcc0c1229f45a969e
SHA3-384 hash: 31630defd417c77aa71757f79897720da59241db5a081f69f5a72ea774d17e41ff38b09d23b5f5156d22de05d3f8b250
SHA1 hash: 4aed98b0c5e74a290a456edb5ad2d02eb97fb973
MD5 hash: 053312e213f457589b1943ac99456506
humanhash: kentucky-cup-wolfram-high
File name:Shipment Airway Bill_pdf.gz
Download: download sample
Signature Pony
Create hunting rule
File size:540'867 bytes
First seen:2020-08-31 05:51:39 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:nbaQy4CRMfIlklhdlfCAMs7FAw3Gf4bQDFw5n:neQNC4IlGPJFV3GfPFwB
TLSH E9B4234CBA9EF96F2B9DD24EC8F6B77AE4C001AD8432E9236372E411495C606161DC7F
Reporter abuse_ch
Tags:DHL gz Pony


Avatar
abuse_ch
Malspam distributing Pony:

HELO: bears.unisonplatform.com
Sending IP: 162.219.249.125
From: DHL EXPRESS <worldwide@dhl.com>
Subject: DHL Express Consignment Notification: You have A Package With Us
Attachment: Shipment Airway Bill_pdf.gz (contains "Shipment Airway Bill_pdf.exe")

Pony C2:
http://blueair.com.vn/scott/panelnew/gate.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
920
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Smdd-6956905-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

PUA.Win.Adware.Webalta-6854075-0
Create hunting rule

PUA.Win.Adware.Webalta-6862190-0
Create hunting rule

PUA.Win.Adware.Webalta-6879873-0
Create hunting rule

SecuriteInfo.com.Trojan.DownLoader34.29944.17906.10656.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/75e1a052a1de345db43373fdda76ed662483bb87c9f797cbcc0c1229f45a969e/
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2020-08-30 22:42:40 UTC
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oxq2auvb3y2f3nbtop65u5xnmysiho4hzh3zps6mbqjct5c2s2pa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/75e1a052a1de345db43373fdda76ed662483bb87c9f797cbcc0c1229f45a969e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

gz 75e1a052a1de345db43373fdda76ed662483bb87c9f797cbcc0c1229f45a969e

(this sample)

Pony

Executable exe be2574eff410b1b63255c93f82e398c50b7af0f7431786e49b1dc922fbb5a910

  
Dropping
MD5 8842ab4d1c104bca252908f93d85094e
  
Dropping
Pony
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 be2574eff410b1b63255c93f82e398c50b7af0f7431786e49b1dc922fbb5a910

Comments