MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c298f7303265f23650620b22bb2804f21227ceb7e36c85c44b9de6484c9310ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Pony
Vendor detections: 3

SHA256 hash: c298f7303265f23650620b22bb2804f21227ceb7e36c85c44b9de6484c9310ce
SHA3-384 hash: f52e9be4f77c8d8b77e2c0b58d706524344e0700b896dd130123930424c4a28b945936d54a77b7bf2e845da1fd471052
SHA1 hash: 6ebd0b075a58240edde5f777254e7b96dde3f9e1
MD5 hash: 43486ca5b7904dd5f0b0a7237efe0842
humanhash: autumn-low-mango-lima
File name: TNT E-Invoicing.gz
Signature: Pony
File size: 395'451 bytes
First seen: 2020-10-28 15:12:37 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:dU7PqCjiotB5UusBLVCallLXr39ueQH6ScoTLgt5IrRuupk17zolzWD1k:GbLeuuVCalBr3AGSFLgtGrRuQqow+
TLSH: 4784233D348181737C98B1A009518FC8D2FDFAD60E96C5A1AA9AC6BCDFFA1A2D950531
Reporter: abuse_ch
Tags: gz Pony TNT


abuse_ch
Malspam distributing unidentified malware:

HELO: mail-gate5.qwords.net
Sending IP: 43.252.136.13
From: TNT Express <einvoicing.admin.sg@tnt.com>
Reply-To: TNT EXPRESS <customerservices@tnt.com>
Subject: TNT E-Invoicing Notification Consignment No: 0468356427 - URGENT
Attachment: TNT E-Invoicing.gz (contains "TNT E-Invoicing.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 725
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-10-28 10:39:41 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Pony
gz c298f7303265f23650620b22bb2804f21227ceb7e36c85c44b9de6484c9310ce (this sample)

Delivery method: Distributed via e-mail attachment

Comments