General
Target: 40e32c29850d56bd7403be67debc893f
Size: 291KB
Sample: 240104-pwxp2afehm
MD5: 40e32c29850d56bd7403be67debc893f
SHA1: 4fb35c8070c60da9ca375979668a1a25f90d57f2
SHA256: 1101bfec0f787f301b9dc14bcd3461345b7eeb03893b3cb7d058be35a5195611
SHA512: 845829f596c776c6d10bf2dd133519302de38173150e4e5b98f4eee32c90032b5e2775dd0b1a31823aa21d2f7c4f1b2ef17e2a4d9e65dc8953dd3b5409b7f68c
SSDEEP: 6144:kqQDhqYPR4+n1XmnHRd7umEKoY2axlZlkvbV1sh:kqQAYxn1XGHRd7XEKoSTEsh
Behavioral task
behavioral1
Sample: 40e32c29850d56bd7403be67debc893f.exe
Resource: win7-20231129-en
Malware Config
Extracted
vulturi
http://199.247.17.103:5050/gate
c2_encryption_key: zagadka1337
c2_user: root
Targets
Target: 40e32c29850d56bd7403be67debc893f
Vulturi payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself