General

  • Target: fe3868de44639e4db971bc2600cdcd55c09e1500a1e9a3cb7a8d22f1867c795c.bin
  • Size: 3.7MB
  • Sample: 220714-kqngysfafl
  • MD5: 2006a4de01e8d2330d684c44b824ed52
  • SHA1: 21aafc6bf52e3765b9538d5de5eacbe3fbb7d4f8
  • SHA256: fe3868de44639e4db971bc2600cdcd55c09e1500a1e9a3cb7a8d22f1867c795c
  • SHA512: be80a27e54891d8350116daeb3cc652e5071c904cf22bbad1b45931a3f432ac1b9e4b9f0dca2dd481eb485e19a28e9bcaeb6b1448f2b4abb50de3a90eee54a01

Score: 10/10

Malware Config

Extracted

  • Family: vulturi
  • C2: http://154.53.33.203:5050/gate
  • Attributes
      • c2_encryption_key: testkey
      • c2_user: root

Targets

    • Vulturi: An info stealer written in C# and first seen in January 2021.
    • Vulturi payload
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic      Technique                       ID      Count
Discovery   Query Registry                  T1012   1
Discovery   System Information Discovery    T1082   2
Discovery   Remote System Discovery         T1018   1
