General
Target
citadel_0.0.1.1.vir
Size
544KB
Sample
200719-38exjgv782
MD5
fb340f7a5dbb81b63198d0637b94fa13
SHA1
c73fec0e884dd8c0605257adcec1ab1153175455
SHA256
76494ca680d605eca75201ecf6c87bf1c6070c640e95bf3acfd633ac529a8487
SHA512
b8686134589b689f1866506b2d5da01eb2621aa20257ae229300897d15de5e1beaf1b69e120368371e8e124e3da044c2af82056255274f42e0fa4c28fd2dee27
Static task
static1
Behavioral task
behavioral1
Sample
citadel_0.0.1.1.vir.exe
Resource
win7
Behavioral task
behavioral2
Sample
citadel_0.0.1.1.vir.exe
Resource
win10
Malware Config
Targets
Target
citadel_0.0.1.1.vir
Score
8/10
Executes dropped EXE
Deletes itself
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext