MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9be6e55ff75a4a8571940411678d521216fc0bd61cbe9d049e10dfd41bdd73fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Pony


Vendor detections: 4



SHA256 hash: 9be6e55ff75a4a8571940411678d521216fc0bd61cbe9d049e10dfd41bdd73fc
SHA3-384 hash: 71256c0401631da88136d187b1f15ccfd24077ccc20c535d0cc7476616ecdd581a5a947c9cff6e056a87952f7fdd9133
SHA1 hash: a4490e367b270d7ae93729de7226ccffd237fbc3
MD5 hash: 447a3d69bee5efc38c626872e399ada8
humanhash: orange-harry-aspen-social
File name: 9be6e55ff75a4a8571940411678d521216fc0bd61cbe9d049e10dfd41bdd73fc
Signature Pony
File size: 288'832 bytes
First seen: 2020-06-03 09:04:48 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 3d79c2811b7c08c5d5384b1b94054398 (1 x Pony)
ssdeep 1536:i/OwYuOlMkGbCQIg2VLew4jN2YxfVOmJLSacOEeXP7gs0s:JwYuO6k/QI5CwQHVOhxOEeXPws
Threatray 248 similar samples on MalwareBazaar
TLSH 4F5427EEB2B7CD91CCA08036095286D21774BEA12B2683BFB54B7D5DF83C1B5B324645
Reporter raashidbhatt
Tags: exe Pony

Intelligence


File Origin
# of uploads: 1
# of downloads: 121
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fakeav
Status: Malicious
First seen: 2020-06-03 07:49:00 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: spyware
Behaviour
Runs ping.exe
Script User-Agent
Suspicious use of WriteProcessMemory
Deletes itself
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments