Android Malware Vultur Expands Its Wingspan
WHITE Vultur AlienVault 2024-03-29 Modified: 2024-04-01
The authors behind the Android banking malware Vultur have added new features that allow more remote interaction with victim devices. Vultur encrypts its C2 communication, uses multiple encrypted payloads, and disguises itself as legitimate apps. New features include file management, blocking apps, custom notifications, and disabling the lock screen. Vultur is correlated with the Android dropper Brunhilda.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Vultur, Brunhilda
Indicators of Compromise (58)