MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e33cc945d6b0681de6b34b52f0cb609676cdf5f3ecf61f4122b64d7a7e74b5ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Pony


Vendor detections: 3



SHA256 hash: e33cc945d6b0681de6b34b52f0cb609676cdf5f3ecf61f4122b64d7a7e74b5ca
SHA3-384 hash: 82e823c84d382a716d0adac3174bba4b52cc1f833f77bcc8a836044c9565b735a3675eeaa6fe7f0da7a883bb0e248cd7
SHA1 hash: aac5c4a8ac6490293ca7c904ea510de9d4ac5a70
MD5 hash: b396c08e9d2103073667413803bd2d8c
humanhash: equal-maine-wolfram-summer
File name: e33cc945d6b0681de6b34b52f0cb609676cdf5f3ecf61f4122b64d7a7e74b5ca
Signature: Pony
File size: 458'752 bytes
First seen: 2020-03-23 16:25:03 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep: 12288:KT2uFP8EplWeP/WSBWZ5cHcXnV8LoHDR0749Caistvo3:KT38elWaBW5cHaV+oje8nNo3
Threatray: 146 similar samples on MalwareBazaar
TLSH: CDA41236F3B18F3BCA934235A42744235674C6E073A1EB132979B69A9D87F410E31FA5
Reporter: Marco_Ramilli
Tags: exe Pony

Intelligence


File Origin
# of uploads: 1
# of downloads: 105
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2018-12-06 17:33:00 UTC
File Type: PE (.Net Exe)
Extracted files: 1
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Pony

Executable exe e33cc945d6b0681de6b34b52f0cb609676cdf5f3ecf61f4122b64d7a7e74b5ca

(this sample)

  
Delivery method
Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
