MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b4777539983ed715fee4205a3df914b09c1f68fac75ab7e8e15b3d07b51727d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Pony

Vendor detections: 4

SHA256 hash: 7b4777539983ed715fee4205a3df914b09c1f68fac75ab7e8e15b3d07b51727d
SHA3-384 hash: 4c78e4fd2b3fa4bc18298c65661b998b8d5ec4662bcaaa83a7b3c146c24023440b52c73084a8f0ff3e64e573d1015b11
SHA1 hash: e8d94830ab83d54f9737724538f57f10ca46e11d
MD5 hash: fb7a84ff2aebb7057f496b6bc21434b8
humanhash: north-friend-rugby-texas
File name: Bill of lading Draft.pdf.gz
Signature: Pony
File size: 484,489 bytes
First seen: 2020-07-20 07:41:36 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:Cl/a5Pjm1SmSUzlsiC1R3OdduyE4Gf+16SoD7rmELyDwIm:Cl/MPzGzljWReSxa1oDGELim
TLSH: 21A423CC504552E09427369B9FD35A63867DC49BF343EFC3B69AE980B92DC188DA47C8
Reporter: abuse_ch
Tags: gz Maersk Pony


abuse_ch
Malspam distributing Pony:

HELO: ip-102-236-static.velo.net.id
Sending IP: 222.165.236.102
From: MAERSK LINE <aming@sinokor.co.id>
Subject: RE: Shipment Update
Attachment: Bill of lading Draft.pdf.gz (contains "Bill of lading Draft.pdf.exe")

Pony C2:
http://sikatech.id/ek/panelnew/gate.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 744
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-20 07:43:04 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: Pony
Sample: gz 7b4777539983ed715fee4205a3df914b09c1f68fac75ab7e8e15b3d07b51727d (this sample)
Dropping: Pony
Delivery method: Distributed via e-mail attachment
