General
- Target: citadel_1.1.0.0.vir
- Size: 401KB
- Sample: 200719-3rnfybhh2j
- MD5: 5abefe1af6518c5daccbe0833b75858b
- SHA1: 0bc40dc4b0d380b42b2bfbd89eedfc9669be9367
- SHA256: fcce249643f7fe240695fdbc393b54a543fa4a49942b56ad8aad6f219c4f896d
- SHA512: e4cb2d745533dc2dd4efd360d7bebf8f5cbebe4572130d0e874e021629b2d58d43fd05f7b146d60e6b87bc16b7be7e86b69bf6dcb1c984fcb9251c6f1613f28f

Static task
- static1

Behavioral task
- behavioral1: sample citadel_1.1.0.0.vir.exe, resource win7

Behavioral task
- behavioral2: sample citadel_1.1.0.0.vir.exe, resource win10

Malware Config

Targets
- Target: citadel_1.1.0.0.vir (same size and hashes as listed under General above)
- Score: 8/10
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext