MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db496e3b37a8632e990895196c85f6c141743ddad02d894ffe5a0c99c8181ce7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: db496e3b37a8632e990895196c85f6c141743ddad02d894ffe5a0c99c8181ce7
SHA3-384 hash: cfc1abd0d1fbc1389151a869c3caa5f245fbde5b7dd6346eeb85b8c46deab18b51cd653c7042cd2eeea4660a3596c531
SHA1 hash: 985582e8ef59c4e7b391acca90a18829ee2084a7
MD5 hash: e8f319f2db053587505d182e9ffebb7a
humanhash: beryllium-seventeen-utah-bravo
File name:Akt sverki nachalo iyunya.exe
Download: download sample
Signature Pony
Create hunting rule
File size:266'768 bytes
First seen:2020-06-04 06:40:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0dfa8c03256258dd130e281359479ead (1 x Pony)
ssdeep 3072:Z86YK/ezq0ySUW0Rza48osqYayCq3bm7nV:ZLNMDUHypaXX
Threatray 145 similar samples on MalwareBazaar
TLSH B1442816146F8CA5FE25F876A4F5983A01AFCC6F0E4866F730907D053D3CAD52A76B0A
Reporter abuse_ch
Tags:exe Pony


Avatar
abuse_ch
Malspam distributing Pony:

HELO: mail.tula.net
Sending IP: 212.12.0.5
From: Юлия Мельникова <fors@tula.net>
Reply-To: Юлия Мельникова <anastasbobrova68@rambler.ru>
Subject: Список документов 4е июня
Attachment: Akt sverki nachalo iyunya.001 (contains "Akt sverki nachalo iyunya.exe")

Pony C2:
http://94.156.189.177/p/z05857687.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 07:26:39 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3new4ozxvbrs5giisumwzbpwyfaxipo22awyst76ligjtsaydttq._file
Verdict:
malicious
Label(s):
pony
Create hunting rule
Similar samples:
4188d06ab94a8883fd4864b3690168649de6f1ae86d8b2c6a2778f7f46a60e02
Pony
489f3a394942157dbc0ed01c09989288c1a87a2d7b80a6382a4338094b35d710
Pony
4bb2312117a9cca54bbb57f052f7a012d1971b1895fee03e35f6b657ac506bd1
Pony
7cf72bae10afa79e537315303bc0ffd4ab5159102347818158796b4a05692403
Pony
9be6e55ff75a4a8571940411678d521216fc0bd61cbe9d049e10dfd41bdd73fc
Pony
9da2fc8e17dff51ad3de4ef9ff78d4196bd530a4aaa8e3c07e81e56df7a5c241
Pony
cb8b6228dc596af613b8a5fb2b0ac79326ec4265ca8f4f5dc796f9b8fa4d287e
Pony
d67bc999b9c89a4c2ccd9832b42accf936e6b4403d27226c8de973ec0987d945
Pony
d768486542d55538cb90b21c8563f395ed3d5148733e23a67bc5dba74b811233
Pony
e3d26ec0477d9578aaa7762c27514f91c1c9503935c9d1f48cf34698de2ac9cf
Pony
+ 135 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/201109-hd5nxrsfn2/
Behaviour
Runs ping.exe
Script User-Agent
Suspicious use of WriteProcessMemory
Deletes itself
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

9ea987d3adf192b553e54a4bb06c3517

Pony

Executable exe db496e3b37a8632e990895196c85f6c141743ddad02d894ffe5a0c99c8181ce7

(this sample)

  
Dropped by
MD5 9ea987d3adf192b553e54a4bb06c3517
  
Delivery method
Distributed via e-mail attachment

Comments