MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e06424448f76d743640e518b0fec78a025fee0856f6afa507e077e5dcc118e3c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: e06424448f76d743640e518b0fec78a025fee0856f6afa507e077e5dcc118e3c
SHA3-384 hash: f0971c9d487ccd4d9bc06d43954ab13261f124f9f3250710abf3ca53a712ab07f64469a2d91ba8e623d3ec82fc63138a
SHA1 hash: 6682b2fa8859ffa531b0ffbf9fe94e7a3d05f88b
MD5 hash: 185594acb9b182c102549e7acdafd694
humanhash: michigan-minnesota-bakerloo-double
File name: e06424448f76d743640e518b0fec78a025fee0856f6afa507e077e5dcc118e3c
File size: 258'048 bytes
First seen: 2020-11-07 18:31:58 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 966e8b68c7c3bc9589e99b52177e5924
ssdeep: 1536:cRxTcyZSywQsACU3wv40kkJ1CwwXY7rI/RWaDP081YV5QscZSyeK:KBwQCdPKkmDP0iQ5Q1B
Threatray: 420 similar samples on MalwareBazaar
TLSH: 7344CF097A41CF65F9F402B14926611CDA990D60181FB7123A9CB91DEFFED9072CF2AB
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 52
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Unauthorized injection to a recently created process
Reading critical registry keys
DNS request
Stealing user critical data
Enabling autorun by creating a file
Brute forcing passwords of local accounts
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
