vulturi | a5650e96f4ab48e6fcb43efc498f7ba9d9808d786d158d63712444ddcfeea008 | Triage

Sharing

General

Target

a5650e96f4ab48e6fcb43efc498f7ba9d9808d786d158d63712444ddcfeea008.bin
Size

291KB
Sample

220718-mryqesbeh9
MD5

3980243d51a4bcdbcfe35b7023ce62e4
SHA1

501e41381ce09c277b265c2ebef9db6e3b91ade1
SHA256

a5650e96f4ab48e6fcb43efc498f7ba9d9808d786d158d63712444ddcfeea008
SHA512

5eee744c4a364508c54f9188bc07eca2784df33bf5d528a56d9cd8795ddeabb3526cb3e41dd812a0b82869ef0ad68535b4fdfee79b6f27d3d12fcb197844af89

Score

10^/10

vulturi stealer

Malware Config

Extracted

Family

vulturi

C2

http://193.142.59.123:5050/gate

Attributes

c2_encryption_key
Bigmoney916
c2_user
root

Targets

- Target
  
  a5650e96f4ab48e6fcb43efc498f7ba9d9808d786d158d63712444ddcfeea008.bin
- Size
  
  291KB
- MD5
  
  3980243d51a4bcdbcfe35b7023ce62e4
- SHA1
  
  501e41381ce09c277b265c2ebef9db6e3b91ade1
- SHA256
  
  a5650e96f4ab48e6fcb43efc498f7ba9d9808d786d158d63712444ddcfeea008
- SHA512
  
  5eee744c4a364508c54f9188bc07eca2784df33bf5d528a56d9cd8795ddeabb3526cb3e41dd812a0b82869ef0ad68535b4fdfee79b6f27d3d12fcb197844af89
Score

10^/10

vulturi stealer
- Vulturi
  An info stealer written in C# and first seen in January 2021.
  stealer vulturi
- Vulturi payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2