MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 864a6d6f6c1e89840aa1ed3671b57c5d9b995ea90f1d8e8594ea3a7a745b7e60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 864a6d6f6c1e89840aa1ed3671b57c5d9b995ea90f1d8e8594ea3a7a745b7e60
SHA3-384 hash: 476f1d667cdff112714856e3e5d1bcf8f72275e45f1abfdaac523f19a24d62e55bf7bb0e558e43a63d66d41d4d8c01cc
SHA1 hash: c6e8196d5bcdd19caef5ceb5f1d2573480242736
MD5 hash: 8dff8d628866f14fa8c53797b6769b9a
humanhash: pluto-muppet-vermont-avocado
File name:order details.EXCEL.XLSx.xls.io.rar
Download: download sample
Signature Pony
Create hunting rule
File size:213'067 bytes
First seen:2020-07-07 09:22:16 UTC
Last seen:2020-07-07 13:33:43 UTC
File type: rar
MIME type:application/x-rar
ssdeep 6144:3JwRYzDhn55oBlndax31smmIsf8ocpr0Uu0uOim6Bl8MkGgDTje:3KKz10alSmmIHaG6XW5HC
TLSH D82422F100B1275F248A86AD5AA1E1ADBDC32DE0F3F324415C61F5A55DE05393ECB89B
Reporter abuse_ch
Tags:Pony rar


Avatar
abuse_ch
Malspam distributing Pony:

HELO: wyndhamvale.hosting-cloud.net
Sending IP: 103.146.113.48
From: Martin Hrašč <Andrew.Cohen@materion.com>
Subject: PO
Attachment: order details.EXCEL.XLSx.xls.io.rar (contains "order details.EXCEL.XLSx.xls.io.exe")

Pony C2:
http://kanavagronomy.in/star/panel/gate.php

Intelligence

File Origin
# of uploads :
25
# of downloads :
781
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/864a6d6f6c1e89840aa1ed3671b57c5d9b995ea90f1d8e8594ea3a7a745b7e60/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 09:24:06 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qzfg233md2eyicvb5u3hdnl4lwnzsxvjb4oy5bmu5i5hu5c3pzqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

rar 864a6d6f6c1e89840aa1ed3671b57c5d9b995ea90f1d8e8594ea3a7a745b7e60

(this sample)

Pony

Executable exe d1c9b6cc284f964d7a65df78137c404f2d24562354681f64433c7e2f25e30588

  
Dropping
MD5 140e89a0319fc70aa12f5523cb2df432
  
Dropping
Pony
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d1c9b6cc284f964d7a65df78137c404f2d24562354681f64433c7e2f25e30588

Comments