vulturi | 41974493fb3bc56d1f4f9224adcf02a7adb179adf827425b6f2f29c4ab6dec3f | Triage

Sharing

General

Target

41974493fb3bc56d1f4f9224adcf02a7adb179adf827425b6f2f29c4ab6dec3f.bin
Size

291KB
Sample

220718-mrrl4scfep
MD5

f5c4755560853724cd144906222ea0e0
SHA1

08599b26cdd0f6e5e37a42b194ecee3390d199ef
SHA256

41974493fb3bc56d1f4f9224adcf02a7adb179adf827425b6f2f29c4ab6dec3f
SHA512

ebfe4fcc477599dbe246759c13e9bf16fbdb72af579aaa0595c82fd335d2a6a3e73557d10c2b3a285eeed8d5a2d8e9b1f93caf64daf0c3a565314130cd22f076

Score

10^/10

vulturi stealer

Malware Config

Extracted

Family

vulturi

C2

http://xmarv.ddns.net:5050/gate

Attributes

c2_encryption_key
testxmarvel1
c2_user
root

Targets

- Target
  
  41974493fb3bc56d1f4f9224adcf02a7adb179adf827425b6f2f29c4ab6dec3f.bin
- Size
  
  291KB
- MD5
  
  f5c4755560853724cd144906222ea0e0
- SHA1
  
  08599b26cdd0f6e5e37a42b194ecee3390d199ef
- SHA256
  
  41974493fb3bc56d1f4f9224adcf02a7adb179adf827425b6f2f29c4ab6dec3f
- SHA512
  
  ebfe4fcc477599dbe246759c13e9bf16fbdb72af579aaa0595c82fd335d2a6a3e73557d10c2b3a285eeed8d5a2d8e9b1f93caf64daf0c3a565314130cd22f076
Score

10^/10

vulturi stealer
- Vulturi
  An info stealer written in C# and first seen in January 2021.
  stealer vulturi
- Vulturi payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2