MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf7471bf20a912dee57c05c49de084529a20114bfed290966cd750ff5283920e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Pony


Vendor detections: 3



SHA256 hash: bf7471bf20a912dee57c05c49de084529a20114bfed290966cd750ff5283920e
SHA3-384 hash: 94fa3959303e9c6db733750fe4abb0796c4f619104107a8b80d0abf50bc57f32f7d1516cc15694ae5c648a179484e0f6
SHA1 hash: c3578fe975a4104d7b320afbd72e5b0e83461c6b
MD5 hash: 015403617714d98b12b388390966235e
humanhash: equal-whiskey-skylark-happy
File name: bankdetails.rar
Signature: Pony
File size: 387'493 bytes
First seen: 2020-08-03 12:46:22 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep 6144:B7x6D03r7CV3nFi4ZeoaSmO+a/xoTvh1qVl0bFfTtZOVe03tFsU3ZycYYlmPCa:B1DCnFiSESmj0czqVl0dtZOVewTsyZm7
TLSH BF8423CAE275526BB4EC5AE109F273C566ED9D40A8F72D019AC21CFB7645E33CAB500C
Reporter: abuse_ch
Tags: Downloader.Pony, Pony, rar


abuse_ch
Malspam distributing Downloader.Pony:

HELO: ptmatsuo.co.id
Sending IP: 202.74.72.84
From: Richard Wyllie <richardwyllie14@gmail.com>
Reply-To: richardwyllie14@gmail.com
Subject: BANK DETAILS
Attachment: bankdetails.rar (contains "bankdetails.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 754
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-03 12:48:09 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

rar bf7471bf20a912dee57c05c49de084529a20114bfed290966cd750ff5283920e

(this sample)

  
Dropping: Downloader.Pony
Delivery method: Distributed via e-mail attachment

Comments