MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9da2fc8e17dff51ad3de4ef9ff78d4196bd530a4aaa8e3c07e81e56df7a5c241. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9da2fc8e17dff51ad3de4ef9ff78d4196bd530a4aaa8e3c07e81e56df7a5c241
SHA3-384 hash: 6110a1d63a1f09b5f2a8336ae02d27f32306a86c7c9d82152056ac38fb242d16502b975ebeefa31aa88e1d88563cc96a
SHA1 hash: 3c2247ddaeae69ea1c1f0014b5d598e48ad0bb81
MD5 hash: 6dbcd65ce9577036c49d104e313f8a2c
humanhash: jig-virginia-asparagus-oranges
File name:Spisok dok-ov za maj.exe
Download: download sample
Signature Pony
Create hunting rule
File size:177'216 bytes
First seen:2020-06-15 13:45:39 UTC
Last seen:2020-06-15 15:26:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6abe9c5e1ac1c31471d5a410ef357465 (1 x Pony)
ssdeep 3072:XSL0pcWp0kkOznPVnWxRCrvzwbFI+tsqYah9ebnkDw:iwcekOzntnyMvzwxt0a4kc
Threatray 144 similar samples on MalwareBazaar
TLSH 0A04F3C079E7ED26DC615573A8A181A28622FC7DF6E0DEDB31C8792B29335D98413B13
Reporter abuse_ch
Tags:exe Pony


Avatar
abuse_ch
Malspam distributing Pony:

HELO: mail.itch.ru
Sending IP: 77.240.144.162
From: Владислава Яковлева <garage@chuvashia.ru>
Reply-To: Владислава Яковлева <anastastbobrova48@rambler.ru>
Subject: Пакет документов 15е июня
Attachment: Spisok dok-ov za maj.001 (contains "Spisok dok-ov za maj.exe")

Pony C2:
http://137.74.157.159/p/z05857687.php

Intelligence

File Origin
# of uploads :
2
# of downloads :
191
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10467/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.54205.31367.28638.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 09:15:42 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=twrpzdqx372rvu66j34766gudfv5kmfevkuohqd6qhsw355fyjaq._file
Verdict:
malicious
Label(s):
pony
Create hunting rule
Similar samples:
0450362396084be91d1e47155b5af737c50d349315689bc538f09c1ef0593b00
Pony
4188d06ab94a8883fd4864b3690168649de6f1ae86d8b2c6a2778f7f46a60e02
Pony
489f3a394942157dbc0ed01c09989288c1a87a2d7b80a6382a4338094b35d710
Pony
4bb2312117a9cca54bbb57f052f7a012d1971b1895fee03e35f6b657ac506bd1
Pony
7cf72bae10afa79e537315303bc0ffd4ab5159102347818158796b4a05692403
Pony
9be6e55ff75a4a8571940411678d521216fc0bd61cbe9d049e10dfd41bdd73fc
Pony
cb8b6228dc596af613b8a5fb2b0ac79326ec4265ca8f4f5dc796f9b8fa4d287e
Pony
d67bc999b9c89a4c2ccd9832b42accf936e6b4403d27226c8de973ec0987d945
Pony
db496e3b37a8632e990895196c85f6c141743ddad02d894ffe5a0c99c8181ce7
Pony
fb30601d90268e316d5bbbe9e78bc1ad8acb4fe262d66b0a3f403425ad78f15b
Pony
+ 134 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/201109-hvy7flfsqe/
Behaviour
Runs ping.exe
Script User-Agent
Suspicious use of WriteProcessMemory
Deletes itself
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

rar a0ee6b63b41a8bc598ee5a390b844c94cf7d9d7c152a4caf64fe7751f7a029ab

Pony

Executable exe 9da2fc8e17dff51ad3de4ef9ff78d4196bd530a4aaa8e3c07e81e56df7a5c241

(this sample)

  
Dropped by
MD5 a6aa986aebc1e33d6a4d83ef0047277a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a0ee6b63b41a8bc598ee5a390b844c94cf7d9d7c152a4caf64fe7751f7a029ab
Cape
Cape
https://www.capesandbox.com/analysis/10467/

Comments