MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d768486542d55538cb90b21c8563f395ed3d5148733e23a67bc5dba74b811233. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Pony


Vendor detections: 3



SHA256 hash: d768486542d55538cb90b21c8563f395ed3d5148733e23a67bc5dba74b811233
SHA3-384 hash: eded2fadc2a0a88052300dc01eba9956c811c1a99fc7f08b12603730470d6a46b839da0a75e36ded4cc07f4343b04a68
SHA1 hash: 12c789d04f3feb0e62bdb09ead849a54e2175882
MD5 hash: 4d4a51025d7ac625fbc4243d8043b0e2
humanhash: item-lake-alabama-cold
File name: Otsylka za proshlyj i za etot mesyac.exe
Signature: Pony
File size: 184'896 bytes
First seen: 2020-05-27 11:54:50 UTC
Last seen: 2020-05-27 13:17:12 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7fd1635592875f20f32ecd49c75b512f (1 x Pony)
ssdeep: 1536:feeSYFlMkGbCQIg2VLew4jN2YxfVOm+BzxMU7gAhAN4MhA1AN4MhA1T89T:G06k/QI5CwQHVOlpy4ANPMANPMTO
Threatray: 145 similar samples on MalwareBazaar
TLSH: 55044CC3B442A86FF8CE057B7489CEB3A1E15CA20A47694335B83FA67F212D163C5567
Reporter: abuse_ch
Tags: exe geo Pony RUS

Code Signing Certificate

Organisation: GVMOXNIIPFNCWPOVZJ
Issuer: GVMOXNIIPFNCWPOVZJ
Algorithm: sha1WithRSA
Valid from: May 27 04:10:21 2020 GMT
Valid to: Dec 31 23:59:59 2039 GMT
Serial number: 70ECC201A963BCAB46EF056B39BFF5EF
Thumbprint Algorithm: SHA256
Thumbprint: 74CEA86A273E6818E7BBFB62FB0856680B801802B4DF2F7DB007F1B5F4CC8003
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform
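
The certificate fields above carry every sign of a throwaway signer: subject and issuer are the same random-looking string, the signature hash is SHA-1, the validity runs almost twenty years, and the certificate was minted about eight hours before the sample was first seen. The following is an added example (not MalwareBazaar or ReversingLabs code) that scores such metadata without touching the PE; the thresholds, the `looks_random` heuristic and the benign control certificate are assumptions chosen for illustration.

```python
"""Red-flag heuristics for an Authenticode signer certificate, judged only
from the metadata fields shown above (no PE parsing). Added example, not
MalwareBazaar or ReversingLabs code; the thresholds are assumptions."""
from datetime import datetime, timedelta, timezone

CERT_TIME = "%b %d %H:%M:%S %Y GMT"   # OpenSSL-style, e.g. "May 27 04:10:21 2020 GMT"
SEEN_TIME = "%Y-%m-%d %H:%M:%S UTC"   # MalwareBazaar "First seen" format

# Values copied from the entry above.
SAMPLE_CERT = {
    "organisation": "GVMOXNIIPFNCWPOVZJ",
    "issuer": "GVMOXNIIPFNCWPOVZJ",
    "algorithm": "sha1WithRSA",
    "valid_from": "May 27 04:10:21 2020 GMT",
    "valid_to": "Dec 31 23:59:59 2039 GMT",
}
SAMPLE_FIRST_SEEN = "2020-05-27 11:54:50 UTC"

# Hypothetical control case: a CA-issued one-year certificate, seen long after issuance.
BENIGN_CERT = {
    "organisation": "Example Corp",
    "issuer": "Example Trusted CA",
    "algorithm": "sha256WithRSA",
    "valid_from": "Jan 15 00:00:00 2023 GMT",
    "valid_to": "Jan 14 23:59:59 2024 GMT",
}


def parse_cert_time(s: str) -> datetime:
    # strptime treats one space in the format as "one or more", so the double
    # space OpenSSL prints for single-digit days ("May  7 ...") parses too.
    return datetime.strptime(s, CERT_TIME).replace(tzinfo=timezone.utc)


def parse_seen_time(s: str) -> datetime:
    return datetime.strptime(s, SEEN_TIME).replace(tzinfo=timezone.utc)


def looks_random(name: str) -> bool:
    """All-caps, no spaces, vowel-poor: the shape of a generated subject name (heuristic)."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 12 or " " in name.strip() or not name.isupper():
        return False
    vowels = sum(c in "AEIOU" for c in letters)
    return vowels / len(letters) < 0.3


def cert_red_flags(cert: dict, first_seen: datetime) -> list[str]:
    flags = []
    # Only the Organisation field is listed, so subject==issuer is judged on it;
    # a CA-issued certificate names the CA, not the signer, as issuer.
    if cert["organisation"].strip().casefold() == cert["issuer"].strip().casefold():
        flags.append("self-signed")
    if cert["algorithm"].lower().startswith(("sha1", "md5")):
        flags.append("weak-signature-hash")
    not_before = parse_cert_time(cert["valid_from"])
    not_after = parse_cert_time(cert["valid_to"])
    # Public CAs do not issue multi-decade code-signing certificates.
    if not_after - not_before > timedelta(days=3 * 365):
        flags.append("validity-over-3y")
    # A signer created just before the first sighting was made for this campaign.
    if first_seen - not_before < timedelta(days=7):
        flags.append("minted-within-7d-of-first-seen")
    if looks_random(cert["organisation"]):
        flags.append("random-looking-subject")
    return flags


if __name__ == "__main__":
    print(cert_red_flags(SAMPLE_CERT, parse_seen_time(SAMPLE_FIRST_SEEN)))
```

On a Windows host the same conclusion comes from `Get-AuthenticodeSignature` on the file: a chain that ends in an untrusted self-signed certificate never yields a Status of Valid, regardless of how the metadata reads.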


abuse_ch
Malspam distributing Pony:

HELO: ds13.centre.ru
Sending IP: 194.67.34.87
From: zakaz@grassco.ru
Reply-To: anastasbobrova65@rambler.ru
Subject: Рассылка за этот месяц (Russian: "Mailing for this month")
Attachment: Otsylka za proshlyj i za etot mesyac.001 (contains "Otsylka za proshlyj i za etot mesyac.exe")

Pony C2:
http://142.202.190.43/p/z05857687.php
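
The indicators in the report above (HELO host, sender, Reply-To, attachment name, C2 URL) are enough to write a first-pass triage. The following is an added example, not MalwareBazaar code: it parses a message and flags the Reply-To and HELO domain mismatches and the `.001` split-archive attachment, then sweeps proxy log lines for the C2 host and the exact gate path (Pony reports its stolen credentials to the panel over HTTP POST). The message, its Received line, the attachment bytes and the proxy log lines are constructed around the reported indicators; the extension blocklist and the last-two-labels domain cut are assumptions.

```python
"""Triage for the Pony malspam wave in abuse_ch's report above: header
consistency and attachment checks on the message, then a proxy-log sweep for
the C2. Added example, not MalwareBazaar code; the message, its Received line
and the proxy log lines are constructed around the reported indicators, and the
attachment bytes are a dummy stand-in for the .001 split-archive part."""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

C2_URL = "http://142.202.190.43/p/z05857687.php"   # from the report above

SPLIT_ARCHIVE = re.compile(r"\.\d{3}$")                              # .001/.002 multi-volume parts
EXECUTABLE = re.compile(r"\.(?:exe|scr|com|pif|js|vbs|jar)$", re.I)  # assumed blocklist
RECEIVED_FROM = re.compile(r"from (\S+) \((\S+) \[([\d.]+)\]\)")
URL_IN_LINE = re.compile(r"https?://\S+")


def build_sample_eml() -> bytes:
    """Constructed message carrying the headers from the report (not the real capture)."""
    msg = EmailMessage()
    msg["Received"] = ("from ds13.centre.ru (ds13.centre.ru [194.67.34.87]) "
                       "by mx.example.net with ESMTP; Wed, 27 May 2020 11:50:02 +0000")
    msg["From"] = "zakaz@grassco.ru"
    msg["Reply-To"] = "anastasbobrova65@rambler.ru"
    msg["To"] = "victim@example.net"
    msg["Subject"] = "Рассылка за этот месяц"
    msg.set_content("See attached.")
    msg.add_attachment(b"\x00dummy split-archive part\x00",
                       maintype="application", subtype="octet-stream",
                       filename="Otsylka za proshlyj i za etot mesyac.001")
    return msg.as_bytes()


def registered_domain(host: str) -> str:
    """Crude last-two-labels cut; a real deployment would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def addr_domain(header_value) -> str:
    addr = parseaddr(str(header_value or ""))[1]
    return registered_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""


def triage_message(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    from_dom = addr_domain(msg["From"])
    reply_dom = addr_domain(msg["Reply-To"]) or from_dom
    flags = []
    if reply_dom != from_dom:
        flags.append("reply-to-domain-mismatch")      # replies go to a webmail box, not the sender
    m = RECEIVED_FROM.search(str(msg["Received"] or ""))
    helo = m.group(1) if m else ""
    if helo and registered_domain(helo) != from_dom:
        flags.append("helo-domain-mismatch")          # sending host belongs to a third domain
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    for name in names:
        if SPLIT_ARCHIVE.search(name):
            flags.append("split-archive-attachment")  # .001 parts dodge filters that only unpack .zip/.rar
        if EXECUTABLE.search(name):
            flags.append("executable-attachment")
    return {"from": from_dom, "reply_to": reply_dom, "helo": helo,
            "attachments": names, "flags": flags}


# Constructed Squid native-format lines; 10.10.0.5 plays the infected host.
PROXY_LOG = [
    "1590580810.112   45 10.10.0.5 TCP_MISS/200 512 POST http://142.202.190.43/p/z05857687.php - HIER_DIRECT/142.202.190.43 text/html",
    "1590580811.400   30 10.10.0.7 TCP_MISS/200 9921 GET http://www.example.com/index.html - HIER_DIRECT/203.0.113.10 text/html",
    "1590580812.901   12 10.10.0.5 TCP_MISS/404 310 GET http://142.202.190.43/robots.txt - HIER_DIRECT/142.202.190.43 text/html",
]


def c2_hits(lines, c2_url: str = C2_URL) -> list[dict]:
    """Lines whose URL is on the C2 host; exact_gate marks the reported gate path."""
    want = urlsplit(c2_url)
    hits = []
    for line in lines:
        m = URL_IN_LINE.search(line)
        if not m:
            continue
        u = urlsplit(m.group(0))
        if u.hostname != want.hostname:
            continue
        fields = line.split()                          # Squid native: client is field 3, method field 6
        hits.append({"client": fields[2], "method": fields[5], "url": m.group(0),
                     "exact_gate": u.path == want.path})
    return hits


if __name__ == "__main__":
    print(triage_message(build_sample_eml()))
    print(c2_hits(PROXY_LOG))
```

Matching on the host rather than the full URL is deliberate: the gate script name changes between campaigns on the same panel, and a 404 for another path on the C2 host is still a client talking to it.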

Intelligence


File Origin
# of uploads: 2
# of downloads: 151
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-05-27 12:38:47 UTC
File Type: PE (Exe)
Extracted files: 67
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: cryptone packer spyware
Behaviour
Runs ping.exe
Script User-Agent
Suspicious use of WriteProcessMemory
Deletes itself
Reads user/profile data of web browsers
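
"Runs ping.exe" next to "Deletes itself" is the familiar stealer clean-up: the binary spawns cmd.exe, pings as a sleep so its own process can exit and release the file, then deletes the executable. The following is an added example, not MalwareBazaar output, of a process-creation rule for that pattern; the events are constructed, and this sample's actual command line is not on the page, so the loopback-ping form below is the common shape rather than a verified artefact.

```python
"""Detection for the 'Runs ping.exe' plus 'Deletes itself' behaviour listed
above: the launcher spawns cmd.exe, pings as a delay so its own file handle
is released, then deletes the binary. Added example, not MalwareBazaar output;
the process events are constructed and this sample's exact command line is
not on the page."""
import re

# Constructed process-creation events: (parent image, child image, child command line).
EVENTS = [
    (r"C:\Users\alice\Downloads\Otsylka za proshlyj i za etot mesyac.exe",
     r"C:\Windows\System32\cmd.exe",
     r'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "C:\Users\alice\Downloads\Otsylka za proshlyj i za etot mesyac.exe"'),
    (r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe",
     r"cmd.exe /c ping 198.51.100.1 -n 4"),            # connectivity check, nothing deleted
    (r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe",
     r'cmd.exe /c del "C:\Temp\old.log"'),             # clean-up with no ping delay
]

# ping used as a sleep: loopback target or an explicit -n count, before any & or |.
PING_DELAY = re.compile(r"\bping(?:\.exe)?\b[^&|]*?(?:-n\s+\d+|127\.0\.0\.1|localhost)", re.I)
# del/erase with optional switches and an optionally quoted target.
DELETE = re.compile(r'\b(?:del|erase)\s+(?:/[a-z]\s+)*"?(?P<target>[^"&|]+)', re.I)


def detect_ping_delete(events) -> list[dict]:
    hits = []
    for parent, child, cmdline in events:
        if not child.lower().endswith("cmd.exe"):
            continue
        ping = PING_DELAY.search(cmdline)
        delete = DELETE.search(cmdline)
        if not (ping and delete):
            continue                                   # both halves of the pattern are required
        target = delete.group("target").strip().strip('"')
        # self_delete: the file being removed is the parent process's own image.
        hits.append({"parent": parent, "target": target,
                     "self_delete": target.lower() == parent.lower()})
    return hits


if __name__ == "__main__":
    for hit in detect_ping_delete(EVENTS):
        print(hit)
```

The self_delete flag is what separates this from routine scripting: a ping-then-del whose target is the parent's own image path is worth an alert on its own, while either half alone is noise.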

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: Pony
Sample: Executable exe d768486542d55538cb90b21c8563f395ed3d5148733e23a67bc5dba74b811233 (this sample)

Comments