MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb8b6228dc596af613b8a5fb2b0ac79326ec4265ca8f4f5dc796f9b8fa4d287e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Pony

Vendor detections: 4

SHA256 hash: cb8b6228dc596af613b8a5fb2b0ac79326ec4265ca8f4f5dc796f9b8fa4d287e
SHA3-384 hash: b27cc3af6d76dedc07188ad4c693f9b5991e276c9cd52793da8a77df482517ffb275063147c3190589c89ad6d4eeb6f6
SHA1 hash: 92435fca95f424602c5cc2e2136ae6fc333365cd
MD5 hash: 7acccfba0e00db5e54b1c3833ddce9d0
humanhash: beer-magnesium-robert-washington
File name: Pasportnye dannye za maj.exe
Signature: Pony
File size: 194'112 bytes
First seen: 2020-05-28 07:01:41 UTC
Last seen: 2023-08-29 12:57:33 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: d67c2b7686090c9aaf6757a7cdcc09e7 (1 x Pony)
ssdeep: 3072:6z96YK/ezq0ySUW0Rza48+sqYaOfVVVVV5:gQNMDUHyfamVVVVV5
Threatray: 144 similar samples on MalwareBazaar
TLSH: 4914F7E221C7CCF9F5D5393E902D0695B226EDFA3ECC76762995340627322B184B4B36
Reporter: abuse_ch
Tags: exe Pony

Code Signing Certificate

Organisation: JWQSSHDYMXVMKUSGMT
Issuer: JWQSSHDYMXVMKUSGMT
Algorithm: sha1WithRSA
Valid from: May 19 15:18:25 2020 GMT
Valid to: Dec 31 23:59:59 2039 GMT
Serial number: -63E80439CBDFA744B8A96210E15E1BDE
Thumbprint Algorithm: SHA256
Thumbprint: 59CAD4B996A20DE85068581BF8F2B11BF9E1D84318205911AC027B7CA34EE3CE
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Subject and issuer are the same random-looking string, so the certificate is self-signed and conveys no trust on its own; the deprecated sha1WithRSA algorithm and a validity window that opens nine days before the sample was first seen and runs to the end of 2039 are further signs of a certificate generated by the operator rather than issued by a CA.


abuse_ch
Malspam distributing Pony:

HELO: mail.raffer.ru
Sending IP: 37.18.35.45
From: Жанна Родионова <evstropova@raffer.ru>
Reply-To: Жанна Родионова <anastasbobrova66@rambler.ru>
Subject: =?utf-8?B?0JTQsNC90L3Ri9C1INC00LvRjyDQtNC+0LLQtdGA0LXQ?==?utf-8?B?vdC90L7RgdGC0LXQuSDQt9CwINC80LDQuQ==?= (decodes to "Данные для доверенностей за май", "Data for the powers of attorney for May")
Attachment: Pasportnye dannye za maj.001 (contains "Pasportnye dannye za maj.exe")

Pony C2:
http://142.202.190.55/p/z05857687.php
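
The headers quoted in the comment above are enough for a first-pass mail-gateway triage rule. The following is an added example, not MalwareBazaar or abuse.ch code: it rebuilds a message from the quoted headers, decodes the RFC 2047 Subject (the `?==?` run is two adjacent encoded-words whose UTF-8 bytes must be joined before decoding), and flags the From/Reply-To domain mismatch, the `.001` split-volume attachment and any host matching the IOCs on this page. The `Received` line, the receiving host `mx.example.net`, the queue id, the message body and the attachment bytes in `RAW_MESSAGE` are constructed placeholders; `IOC_HOSTS`, `triage` and the other function names are this example's own.

```python
"""First-pass triage of the malspam quoted in abuse_ch's comment.

Added example, not MalwareBazaar or abuse.ch code. IOC_HOSTS and the From,
Reply-To, Subject and attachment-name headers come from the comment; the
Received line, the receiving host mx.example.net, the queue id, the message
body and the attachment bytes are constructed placeholders.
"""
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Hosts quoted on the page: HELO name, sending IP and the Pony C2 host.
IOC_HOSTS = {"mail.raffer.ru", "37.18.35.45", "142.202.190.55"}

# Constructed sample message (see module docstring for what is real).
RAW_MESSAGE = """\
Received: from mail.raffer.ru (unknown [37.18.35.45])
\tby mx.example.net (Postfix) with ESMTP id 4BCDEF; Thu, 28 May 2020 06:58:12 +0000
From: =?utf-8?B?0JbQsNC90L3QsCDQoNC+0LTQuNC+0L3QvtCy0LA=?= <evstropova@raffer.ru>
Reply-To: =?utf-8?B?0JbQsNC90L3QsCDQoNC+0LTQuNC+0L3QvtCy0LA=?= <anastasbobrova66@rambler.ru>
Subject: =?utf-8?B?0JTQsNC90L3Ri9C1INC00LvRjyDQtNC+0LLQtdGA0LXQ?==?utf-8?B?vdC90L7RgdGC0LXQuSDQt9CwINC80LDQuQ==?=
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

(body omitted)
--b1
Content-Type: application/octet-stream; name="Pasportnye dannye za maj.001"
Content-Disposition: attachment; filename="Pasportnye dannye za maj.001"
Content-Transfer-Encoding: base64

QUJD
--b1--
"""

# "from <helo> (<rdns> [<ip>])" as written by Postfix-style MTAs.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\([^)]*\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
)
# Numeric extensions such as .001 are split-archive volumes; the comment
# notes that this one contained the Pony executable.
SPLIT_VOLUME_RE = re.compile(r"\.\d{3}$")


def decode_subject(raw_subject):
    """Decode RFC 2047 encoded-words. decode_header joins the bytes of the
    two adjacent utf-8 words before decoding, so a multi-byte character
    split across the '?==?' boundary survives."""
    return str(make_header(decode_header(raw_subject)))


def domain_of(address_header):
    """Lower-cased domain of the first address in a From/Reply-To header."""
    return parseaddr(address_header)[1].rpartition("@")[2].lower()


def sending_host(msg):
    """(HELO name, IP) from the first Received header naming a peer."""
    for received in msg.get_all("Received", []):
        m = RECEIVED_RE.search(received)
        if m:
            return m.group("helo"), m.group("ip")
    return None, None


def attachment_names(msg):
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def triage(raw):
    """Extract the facts a responder wants, match them against IOC_HOSTS
    and return a verdict together with the evidence behind it."""
    msg = message_from_string(raw)
    helo, ip = sending_host(msg)
    names = attachment_names(msg)
    f = {
        "subject": decode_subject(msg["Subject"] or ""),
        "from_domain": domain_of(msg["From"] or ""),
        "reply_to_domain": domain_of(msg["Reply-To"] or ""),
        "helo": helo,
        "sending_ip": ip,
        "attachments": names,
    }
    f["reply_to_mismatch"] = f["reply_to_domain"] not in ("", f["from_domain"])
    f["ioc_hits"] = sorted(h for h in (helo, ip) if h in IOC_HOSTS)
    f["split_volume_attachments"] = [n for n in names if SPLIT_VOLUME_RE.search(n)]
    lure = f["reply_to_mismatch"] and f["split_volume_attachments"]
    f["verdict"] = "suspicious" if f["ioc_hits"] or lure else "unremarkable"
    return f


if __name__ == "__main__":
    for key, value in triage(RAW_MESSAGE).items():
        print(f"{key}: {value}")
```

Matching the HELO name and sending IP against the page's IOCs is the cheap, high-confidence check; the Reply-To mismatch combined with a split-volume attachment is the heuristic that would still fire once the sender infrastructure changes, which is why the verdict is built from either signal.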

Intelligence

File Origin
# of uploads: 4
# of downloads: 139
Origin country: n/a

Vendor Threat Intelligence

Result
Threat name: Fareit Pony
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Behavior Graph: n/a
Result
Threat name: Win32.Trojan.Cerber
Status: Malicious
First seen: 2020-05-28 07:07:39 UTC
File Type: PE (Exe)
Extracted files: 40
AV detection: 22 of 31 (70.97%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: spyware
Behaviour:
  Runs ping.exe
  Script User-Agent
  Suspicious use of WriteProcessMemory
  Deletes itself
  Reads user/profile data of web browsers

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

7e09e433f1170380fab49d79cab2078e
  Pony | Executable exe | cb8b6228dc596af613b8a5fb2b0ac79326ec4265ca8f4f5dc796f9b8fa4d287e (this sample)

Dropped by: MD5 7e09e433f1170380fab49d79cab2078e
Delivery method: Distributed via e-mail attachment

Comments