A new Pony Loader campaign targets prospective visitors of the Canton Fair, held in Guangzhou, China. The infection chain starts with the following email:
The email carries a .ZIP archive named “ORDER LIST PROPOSAL-REQUEST FOR QUOTATION.zip”. Decompressing it yields “ORDER LIST PROPOSAL-REQUEST FOR QUOTATION.exe”, an executable whose name mimics the business document the lure promises; because Windows hides known file extensions by default, many recipients will see only the document-like name. That executable is Pony Loader (also tracked as Fareit), a credential-stealing Trojan first seen in 2011 that remains active today.
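The lure relies on an executable hiding inside a harmlessly named archive, so the useful mail-gateway check is to open the .ZIP and classify each member by its content (PE magic bytes), not just its extension, and to record the MD5/SHA1/SHA256 hashes the indicator list below uses. The following is an added example written for this post, not code from the original article or from the researchers behind it; the archive and the "executable" it scans are constructed stand-ins (an MZ/PE header plus filler), not the real sample, and the extension list and size cap are assumptions.

```python
import hashlib
import io
import os
import zipfile

# Constructed stand-in for the attachment described in the post. The payload is
# only a valid-looking MZ/PE header plus filler, not the actual Pony Loader binary.
SAMPLE_EXE_NAME = "ORDER LIST PROPOSAL-REQUEST FOR QUOTATION.exe"
SAMPLE_EXE_BYTES = (
    b"MZ" + b"\x00" * 58           # DOS header up to e_lfanew at offset 0x3C
    + (0x40).to_bytes(4, "little")  # e_lfanew: PE signature lives at offset 0x40
    + b"PE\x00\x00" + b"\x00" * 100
)

# Assumed policy: extensions that should never arrive inside a mail attachment.
SUSPICIOUS_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAX_MEMBER_SIZE = 50 * 1024 * 1024  # assumed cap to avoid inflating zip bombs


def build_sample_zip() -> bytes:
    """Build an in-memory archive shaped like the lure (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(SAMPLE_EXE_NAME, SAMPLE_EXE_BYTES)
        zf.writestr("readme.txt", b"harmless text file")
    return buf.getvalue()


def is_pe(data: bytes) -> bool:
    """Detect a Windows PE by structure: 'MZ' at offset 0 and 'PE\\0\\0' at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a member, the three hash types the IOC list reports."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def triage_zip(zip_bytes: bytes) -> list:
    """Classify every member of a .ZIP attachment and return one finding per file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Refuse to inflate oversized members rather than trusting the header.
            if info.file_size > MAX_MEMBER_SIZE:
                findings.append({"name": info.filename, "verdict": "block",
                                 "reason": "member exceeds size cap"})
                continue
            data = zf.read(info.filename)
            ext = os.path.splitext(info.filename)[1].lower()
            pe = is_pe(data)
            bad_ext = ext in SUSPICIOUS_EXTENSIONS
            findings.append({
                "name": info.filename,
                "size": len(data),
                "is_pe": pe,
                "ext_suspicious": bad_ext,
                # Content check catches a PE renamed to .pdf; extension check
                # catches scripts that have no magic bytes to inspect.
                "verdict": "block" if (pe or bad_ext) else "allow",
                **hashes(data),
            })
    return findings


if __name__ == "__main__":
    for f in triage_zip(build_sample_zip()):
        print(f["verdict"].upper(), f["name"], f.get("sha256", ""))
```

The verdict is driven by both checks on purpose: a PE renamed to a document extension still trips `is_pe`, while a `.js` or `.vbs` dropper with no magic bytes still trips the extension rule. Feed real attachments through `triage_zip` and match the returned hashes against the indicators listed below.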
Credential theft
URLs
Filename
Malware Hash (MD5/SHA1/SHA256)