PULSE NAME
Android Malware Vultur Expands Its Wingspan
WHITE | Vultur | AlienVault | 2024-03-29 | Modified: 2024-04-01
58 IOCs (HIGH VOLUME)
The authors behind the Android banking malware Vultur have added new features that allow more remote interaction with victim devices. Vultur encrypts its C2 communication, uses multiple encrypted payloads, and disguises itself as legitimate apps. The new features include file management, blocking apps, custom notifications, and disabling the lock screen. Vultur correlates to the Android dropper Brunhilda.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Vultur, Brunhilda
Indicators of Compromise (8 / 58 total)