MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c66adf5bee7143defd20b1b290e86c298d1df2f22e11c49412e2c7d65419602f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c66adf5bee7143defd20b1b290e86c298d1df2f22e11c49412e2c7d65419602f
SHA3-384 hash: d033cd298c2a8b8d0fe0f96a57d1df73f5054af45f45b000cc040cac551bb395526a88d9792fe17a995fca8135c074b4
SHA1 hash: ff34cded4c999c5869d01c4c127fb73fd4868e6f
MD5 hash: f794c67559592419ca909fd193b48f84
humanhash: colorado-twenty-zulu-twenty
File name:ORIGINAL BILL OF LADDING_PDF.gz
Download: download sample
Signature Pony
Create hunting rule
File size:489'102 bytes
First seen:2020-07-20 07:33:49 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:Elf5YdSqxuJf+XZ4YfdkYA4iUL3TBZ0UPNclBSopS:Ufhf+XZqT3UVopS
TLSH 84A423866B87111394F3137F56FBEA8BA3A85005F213C08F528BF6D81C8D5B6DAA475C
Reporter abuse_ch
Tags:Downloader.Pony gz Maersk Pony


Avatar
abuse_ch
Malspam distributing Downloader.Pony:

HELO: ip-102-236-static.velo.net.id
Sending IP: 222.165.236.102
From: MAERSK LINE <aming@sinokor.co.id>
Subject: RE: Shipment Update
Attachment: ORIGINAL BILL OF LADDING_PDF.gz (contains "ORIGINAL BILL OF LADDING_PDF.exe")

Pony C2:
http://smkrantimula.sch.id/ek/panelnew/gate.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
753
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c66adf5bee7143defd20b1b290e86c298d1df2f22e11c49412e2c7d65419602f/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-20 07:35:08 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yzvn6w7oofb557jawgzjb2dmfggr34xsfyi4jfas4ld5mvazmaxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c66adf5bee7143defd20b1b290e86c298d1df2f22e11c49412e2c7d65419602f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Pony

gz c66adf5bee7143defd20b1b290e86c298d1df2f22e11c49412e2c7d65419602f

(this sample)

Pony

Executable exe 311d544af2d68a7cc2b4b72fc0daf60b888f060fe185eb1f6771b498d025cf16

  
Dropping
MD5 8834c2e853ca17ff0e5bac717c3db46a
  
Dropping
Downloader.Pony
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 311d544af2d68a7cc2b4b72fc0daf60b888f060fe185eb1f6771b498d025cf16

Comments