MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81e4e55c3b927e248c48e3c5414509e7808755d74b3504b709fbdfecba19f613. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Pony

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	81e4e55c3b927e248c48e3c5414509e7808755d74b3504b709fbdfecba19f613
SHA3-384 hash:	72f9dd53362ff6c2108904da4952fac6f265320e37de8f8fb4da42e0f72e8d9a90cede5dd9cf0cded834ef9e6ed70b9e
SHA1 hash:	a10ba4d7dec31e6300f45fb8b9053aceefddc56f
MD5 hash:	cb71c96519abaa4710d85f703b198ea7
humanhash:	dakota-arizona-fix-may
File name:	Perechen' 09.04.exe
Download:	download sample
Signature	Pony Create hunting rule
File size:	150'016 bytes
First seen:	2020-04-13 17:11:22 UTC
Last seen:	2020-04-13 17:49:00 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	32077885b3eaa3da7eea95ddce2e3ae6 (1 x Pony)
ssdeep	1536:+QIIrD55QS8yBgJ1jbujBg5SIZpIUnDwVlAwTuYb:+QPDejj6jBgIIn8Vz
Threatray	152 similar samples on MalwareBazaar
TLSH	9BE38DCD2AE2F886D0B845773AAD665C1ED5E4C33811FCC5C0B959476398B21FBE068E
Reporter	c_APT_ure
Tags:	Pony

Intelligence

File Origin

# of uploads :

# of downloads :

117

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Siggen9.35627.17062.20587.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Grp

Status:

Malicious

First seen:

2020-04-09 08:12:10 UTC

File Type:

PE (Exe)

AV detection:

30 of 31 (96.77%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qhsokxb3sj7cjdci4pcucrij46aiovoxjm2qjnyj7pp6zoqz6yjq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	kernel32.dll::VirtualAllocEx
WIN_BASE_API	Uses Win Base API	kernel32.dll::LoadLibraryW kernel32.dll::GetVolumeInformationW kernel32.dll::GetCommandLineA
WIN_BASE_EXEC_API	Can Execute other programs	kernel32.dll::ReadConsoleA kernel32.dll::GetConsoleTitleA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample