MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ff286f4a4938d6f49156f8dd7303c12ad904c3e73cd1f223a56260e7604658b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9ff286f4a4938d6f49156f8dd7303c12ad904c3e73cd1f223a56260e7604658b
SHA3-384 hash: fe65853d424f0d0b80be67063c7e4250aee20c1e78a439979449fab923af5ed396b0c3227f345b371c8c5b88e7cd10e2
SHA1 hash: 191486e6f716f93a6867ef8e510b767dc1e258e4
MD5 hash: 0612de406b07b1c155f4931a61644b43
humanhash: skylark-lemon-social-table
File name:Otsylka za proshlyj i za etot mesyac.001
Download: download sample
Signature Pony
Create hunting rule
File size:64'769 bytes
First seen:2020-05-27 11:54:48 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 768:1036Xx9LKeFnsh5zbeDceYw7rxmtvxfWd1LPYM5xqv5t9ocD5QVZzZodYZ1+FzhW:1e6Xx9RIzCPr8vVOYkWwVDPZOzwpZR
TLSH 7B53021F8324A28A2AB1773A43DE939125673EC9D5BC646E0D9313D33E8A17C1173A7C
Reporter abuse_ch
Tags:001 geo Pony RUS


Avatar
abuse_ch
Malspam distributing Pony:

HELO: ds13.centre.ru
Sending IP: 194.67.34.87
From: zakaz@grassco.ru
Reply-To: anastasbobrova65@rambler.ru
Subject: Рассылка за этот месяц
Attachment: Otsylka za proshlyj i za etot mesyac.001 (contains "Otsylka za proshlyj i za etot mesyac.exe")

Pony C2:
http://142.202.190.43/p/z05857687.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
471
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Lolopak
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 12:37:03 UTC
File Type:
Binary (Archive)
Extracted files:
68
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

rar 9ff286f4a4938d6f49156f8dd7303c12ad904c3e73cd1f223a56260e7604658b

(this sample)

Pony

Executable exe d768486542d55538cb90b21c8563f395ed3d5148733e23a67bc5dba74b811233

  
Dropping
MD5 4d4a51025d7ac625fbc4243d8043b0e2
  
Dropping
Pony
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d768486542d55538cb90b21c8563f395ed3d5148733e23a67bc5dba74b811233

Comments