MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cf72bae10afa79e537315303bc0ffd4ab5159102347818158796b4a05692403. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7cf72bae10afa79e537315303bc0ffd4ab5159102347818158796b4a05692403
SHA3-384 hash: 71a3aa9f059147e68985b56bdfacf082c6b634909b55fe38a7d1f2384c72846806577ed45e34f1e393651678532edb0d
SHA1 hash: f9e2b955cd1d0a06b42575ec8bd888b57c56b94a
MD5 hash: 0ab9a386e291da4b289f813aff6622a7
humanhash: mexico-stream-sweet-football
File name:Dokumenty nachalo iyunya.exe
Download: download sample
Signature Pony
Create hunting rule
File size:159'808 bytes
First seen:2020-06-17 06:24:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 95a9c2e6348e267811c952ce3215b539 (1 x Pony)
ssdeep 3072:SNHL0pcWp0kkOznPVnkLrvzwbFI+X9ebnD:CHwcekOzntnkPvzwxt2D
Threatray 145 similar samples on MalwareBazaar
TLSH 37F305B7E5FFBDB5DC635971A472C2624523A81237E4DE3B315A280A1E606D2FC11B23
Reporter abuse_ch
Tags:exe Pony


Avatar
abuse_ch
Malspam distributing Pony:

HELO: smtpout8.sweb.ru
Sending IP: 77.222.41.119
From: Маргарита Петухова <lpu1502@neftcrb.ru>
Reply-To: Маргарита Петухова <anastastbobrova49@rambler.ru>
Subject: Акты сверки конец мая
Attachment: Dokumenty nachalo iyunya.001 (contains "Dokumenty nachalo iyunya.exe")

Pony C2:
http://51.254.87.67/p/z05857687.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
234
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19150/
Detection(s):
SecuriteInfo.com.FileRepMalware.19491.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-17 06:26:06 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pt3sxlqqv6tz4u3tcuydxqh72svvcwiqendydakypfvuubljeqbq._file
Verdict:
malicious
Label(s):
pony
Create hunting rule
Similar samples:
0450362396084be91d1e47155b5af737c50d349315689bc538f09c1ef0593b00
Pony
4188d06ab94a8883fd4864b3690168649de6f1ae86d8b2c6a2778f7f46a60e02
Pony
489f3a394942157dbc0ed01c09989288c1a87a2d7b80a6382a4338094b35d710
Pony
4bb2312117a9cca54bbb57f052f7a012d1971b1895fee03e35f6b657ac506bd1
Pony
9be6e55ff75a4a8571940411678d521216fc0bd61cbe9d049e10dfd41bdd73fc
Pony
9da2fc8e17dff51ad3de4ef9ff78d4196bd530a4aaa8e3c07e81e56df7a5c241
Pony
cb8b6228dc596af613b8a5fb2b0ac79326ec4265ca8f4f5dc796f9b8fa4d287e
Pony
d768486542d55538cb90b21c8563f395ed3d5148733e23a67bc5dba74b811233
Pony
db496e3b37a8632e990895196c85f6c141743ddad02d894ffe5a0c99c8181ce7
Pony
fb30601d90268e316d5bbbe9e78bc1ad8acb4fe262d66b0a3f403425ad78f15b
Pony
+ 135 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/200624-974wsymyba/
Behaviour
Runs ping.exe
Script User-Agent
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
Deletes itself
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

ce99966c965b9721de1b02481282678f

Pony

Executable exe 7cf72bae10afa79e537315303bc0ffd4ab5159102347818158796b4a05692403

(this sample)

  
Dropped by
MD5 ce99966c965b9721de1b02481282678f
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/19150/

Comments