MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c7f07574cab055c63ea7049142a74620ef785befa3b0980cc6ecaf38542fc2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Pony


Vendor detections: 3



SHA256 hash: 8c7f07574cab055c63ea7049142a74620ef785befa3b0980cc6ecaf38542fc2f
SHA3-384 hash: ca674a2c72ba8fa7569b502a01ec48c4b4c41185fd89bfa9a0326b03fbc40be68be724d1376d2827bac148d165819757
SHA1 hash: feb461e3de6b11f90cfd5160896c790d6f315350
MD5 hash: c34d96e81a2d80185fb31fe2979a74fb
humanhash: butter-neptune-mike-mobile
File name: Bank Details_pdf.gz
Signature: Pony
File size: 342,578 bytes
First seen: 2020-06-11 11:14:13 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:cLUaV6kOfEFqTN8U5PG3on83UWPn7FWMNjqNPOdg+4v3UNCCQav4ln4fAkIg7k:cl9KEIxdgo8ZPnZWo+BOdJEd5GAkI9
TLSH: C574237A031B84BD44CBF3007AE386EE1D95B3F8DA5D5A15205222EF87349B3985DBD8
Reporter: abuse_ch
Tags: Downloader.Pony gz Pony


abuse_ch
Malspam distributing Downloader.Pony:

HELO: staging.maykenbel.com
Sending IP: 195.12.49.182
From: Rafał Gąsior <rafal.gasior@astoria.pl>
Reply-To: Rafał Gąsior <rafal.gasior@astoria-pl.com>
Subject: RE: URGENT-Confirm Account Details/SOA Feb-May
Attachment: Bank Details_pdf.gz (contains "Bank Details_pdf.exe")

Pony C2:
http://shinhan-vina.com.vn/hh/panelnew/gate.php
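The entry lists four hashes for the .gz attachment, and the reporter notes that the archive wraps "Bank Details_pdf.exe". The following Python is an added triage example, not MalwareBazaar's or abuse_ch's code: it verifies a downloaded file against the published hashes, reads the original filename out of the gzip FNAME header (RFC 1952), decompresses the member in memory with a size bound, and checks whether the inner payload carries the MZ magic of a PE file. The double-extension regex is my own heuristic, and the sample it runs on by default is a constructed gzip member containing a fake MZ stub, so its hashes deliberately do not match the entry.

```python
import gzip
import hashlib
import io
import re
import struct
import zlib

# Hashes as published on this MalwareBazaar entry (copied from the page).
PUBLISHED = {
    "md5": "c34d96e81a2d80185fb31fe2979a74fb",
    "sha1": "feb461e3de6b11f90cfd5160896c790d6f315350",
    "sha256": "8c7f07574cab055c63ea7049142a74620ef785befa3b0980cc6ecaf38542fc2f",
    "sha3_384": "ca674a2c72ba8fa7569b502a01ec48c4b4c41185fd89bfa9a0326b03fbc40be6"
                "8be724d1376d2827bac148d165819757",
}

# Heuristic (my own, not from the page): a document-looking token glued to the
# stem, followed by an executable or archive extension, e.g. "Bank Details_pdf.exe".
LURE_RE = re.compile(
    r"[._ -](pdf|doc|docx|xls|xlsx|txt)\.(exe|scr|com|pif|gz|zip|rar|7z|iso)$",
    re.IGNORECASE,
)


def hash_sample(data: bytes) -> dict:
    """Compute the four hash types MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def gzip_member_name(data: bytes):
    """Return the original filename stored in the gzip FNAME field, or None.

    RFC 1952 layout: ID1 ID2 CM FLG MTIME(4) XFL OS, then optional FEXTRA
    (2-byte length + payload) and FNAME (NUL-terminated Latin-1 string).
    """
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    flg = data[3]
    pos = 10
    if flg & 0x04:                       # FEXTRA present: skip it
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flg & 0x08:                   # FNAME absent
        return None
    end = data.index(b"\x00", pos)
    return data[pos:end].decode("latin-1")


def triage_gz(data: bytes, max_out: int = 64 * 1024 * 1024) -> dict:
    """Inspect a .gz attachment entirely in memory; the payload never touches disk."""
    name = gzip_member_name(data)
    dec = zlib.decompressobj(16 + zlib.MAX_WBITS)       # 16+ selects the gzip wrapper
    payload = dec.decompress(data, max_out)             # bounded: resists decompression bombs
    return {
        "hashes": hash_sample(data),
        "matches_published": hash_sample(data) == PUBLISHED,
        "inner_name": name,
        "inner_is_pe": payload[:2] == b"MZ",            # DOS header magic of a PE file
        "lure_name": bool(name and LURE_RE.search(name)),
        "inner_size": len(payload),
        "truncated": bool(dec.unconsumed_tail),         # True if max_out cut the output short
    }


def build_constructed_sample(inner_name="Bank Details_pdf.exe") -> bytes:
    """Constructed stand-in for the attachment: one gzip member carrying a fake MZ stub.

    It is NOT the real sample, so its hashes will not match PUBLISHED.
    Passing inner_name=None produces a member with no FNAME field.
    """
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.")
    return buf.getvalue()


if __name__ == "__main__":
    result = triage_gz(build_constructed_sample())
    for key, value in result.items():
        if key != "hashes":
            print(f"{key}: {value}")
    # For the real download: triage_gz(open("Bank Details_pdf.gz", "rb").read())
```

Run `triage_gz` on the bytes you actually downloaded and treat `matches_published` as the gate before any further analysis; a mismatch means you are not looking at the sample this entry describes. The FNAME field is worth reading separately from the decompressed content because it is what a mail client or archiver will show the victim, and here it is the second half of the "_pdf" lure that the outer ".gz" name starts.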

Intelligence


File Origin
# of uploads: 1
# of downloads: 452
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit (Fareit is the name many vendors use for the Pony stealer)
Status: Malicious
First seen: 2020-06-11 11:16:08 UTC
AV detection: 35 of 48 (72.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Category: Malspam
Family: Pony
Sample: gz 8c7f07574cab055c63ea7049142a74620ef785befa3b0980cc6ecaf38542fc2f (this sample)
  Dropping: Downloader.Pony
Delivery method: Distributed via e-mail attachment
