vulturi | b2b09138f6bd625c119b4baae4133f3583ccc1e19f0e883fd31171f2a39a5f3e | Triage

Sharing

General

Target

b2b09138f6bd625c119b4baae4133f3583ccc1e19f0e883fd31171f2a39a5f3e.bin
Size

291KB
Sample

220718-mrzmqabfa2
MD5

ffb8152ef40edc5c178d228b9c96a06d
SHA1

83bc9bc18e5d4e68add42624838827308e6cdafc
SHA256

b2b09138f6bd625c119b4baae4133f3583ccc1e19f0e883fd31171f2a39a5f3e
SHA512

8b10109b48851decc3a6d4dc5bb977c25e72988af79d241fe7bd049b6080358ac76ce59540024e6401fb61d12386e6b07e32966e85563d6f46d31f66ae81ccb3

Score

10^/10

vulturi stealer

Malware Config

Extracted

Family

vulturi

C2

http://52.188.26.40:5050/gate

Attributes

c2_encryption_key
welovefortnite
c2_user
root

Targets

- Target
  
  b2b09138f6bd625c119b4baae4133f3583ccc1e19f0e883fd31171f2a39a5f3e.bin
- Size
  
  291KB
- MD5
  
  ffb8152ef40edc5c178d228b9c96a06d
- SHA1
  
  83bc9bc18e5d4e68add42624838827308e6cdafc
- SHA256
  
  b2b09138f6bd625c119b4baae4133f3583ccc1e19f0e883fd31171f2a39a5f3e
- SHA512
  
  8b10109b48851decc3a6d4dc5bb977c25e72988af79d241fe7bd049b6080358ac76ce59540024e6401fb61d12386e6b07e32966e85563d6f46d31f66ae81ccb3
Score

10^/10

vulturi stealer
- Vulturi
  An info stealer written in C# and first seen in January 2021.
  stealer vulturi
- Vulturi payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2