General
-
Target
FnPuller.exe
-
Size
16.4MB
-
Sample
241110-a9m1esymhp
-
MD5
bedc28d5ba8af8459f85d57a8b3b9f9a
-
SHA1
a2eefb7bda74ad01cef606390593a1ebfc2e1709
-
SHA256
db0d623ba3e20c740268c11638f22a96d9a4453dc8f1dc54839da993cca59abd
-
SHA512
726d98ee61ad7108bb0d82217bb9ac392e3279204bc1a83c01c9c4c6fd119861ee387820d9c0f03b7d7762f742b60dd562185ebbf29926c687d06e190d8516eb
-
SSDEEP
196608:E0NpUXDB2Mi0sKYu/PaQZXGnOrzGsyHHICEB6yBC+K6kHWMbgdOLv0zGil64ofxI:MXoQZXGOrzGseICEBRB8RD07DofTESV
Behavioral task
behavioral1
Sample
FnPuller.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
FnPuller.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
FnPuller.pyc
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
FnPuller.pyc
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
FnPuller.exe
-
Size
16.4MB
-
MD5
bedc28d5ba8af8459f85d57a8b3b9f9a
-
SHA1
a2eefb7bda74ad01cef606390593a1ebfc2e1709
-
SHA256
db0d623ba3e20c740268c11638f22a96d9a4453dc8f1dc54839da993cca59abd
-
SHA512
726d98ee61ad7108bb0d82217bb9ac392e3279204bc1a83c01c9c4c6fd119861ee387820d9c0f03b7d7762f742b60dd562185ebbf29926c687d06e190d8516eb
-
SSDEEP
196608:E0NpUXDB2Mi0sKYu/PaQZXGnOrzGsyHHICEB6yBC+K6kHWMbgdOLv0zGil64ofxI:MXoQZXGOrzGseICEBRB8RD07DofTESV
Score7/10-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Drops startup file
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
FnPuller.pyc
-
Size
28KB
-
MD5
bcc9dd0d1310bddac3a52fc95ce2bc0b
-
SHA1
bd3144b8f9c97084342fbc87c9af0e1c95b41520
-
SHA256
f0919b3ea04506a3498d7a42d792a7ac15661425884f42296b7683e08bcec228
-
SHA512
db6dc3528ab973db406f702d7f4d832b4f6ebe39f906782dd685c1a508282f386e612ddfa6c24facc831805b4d57769549844f3a56fd2c4894deafcdff15a8f7
-
SSDEEP
768:TWFBrYykyutXEH8SEQCsraKmIIF+EncA2:TlZyO+EoG6m+5
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1