Overview

overview

8

Static

static

citadel_0....ir.exe

windows7_x64

8

citadel_0....ir.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    citadel_0.0.1.1.vir

  • Size

    544KB

  • Sample

    200719-38exjgv782

  • MD5

    fb340f7a5dbb81b63198d0637b94fa13

  • SHA1

    c73fec0e884dd8c0605257adcec1ab1153175455

  • SHA256

    76494ca680d605eca75201ecf6c87bf1c6070c640e95bf3acfd633ac529a8487

  • SHA512

    b8686134589b689f1866506b2d5da01eb2621aa20257ae229300897d15de5e1beaf1b69e120368371e8e124e3da044c2af82056255274f42e0fa4c28fd2dee27

Score
8/10
persistence

Malware Config

Targets

    • Target

      citadel_0.0.1.1.vir

    • Size

      544KB

    • MD5

      fb340f7a5dbb81b63198d0637b94fa13

    • SHA1

      c73fec0e884dd8c0605257adcec1ab1153175455

    • SHA256

      76494ca680d605eca75201ecf6c87bf1c6070c640e95bf3acfd633ac529a8487

    • SHA512

      b8686134589b689f1866506b2d5da01eb2621aa20257ae229300897d15de5e1beaf1b69e120368371e8e124e3da044c2af82056255274f42e0fa4c28fd2dee27

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks