54d67f153de6ba73daf1b037057cf5c0550cfb6c0aee53c5d5119a9a3647b300 | Triage

Submit
Reports

Overview

overview

8

Static

static

citadel_1....ir.exe

windows7_x64

8

citadel_1....ir.exe

windows10_x64

1

Sharing

General

Target

citadel_1.2.4.0.vir
Size

630KB
Sample

200719-hqkxhhezxe
MD5

f5b434f9ad53bac3bd1af814bbe73fc5
SHA1

12a5100c1217b847c2177c3dc47efc233b188a2f
SHA256

54d67f153de6ba73daf1b037057cf5c0550cfb6c0aee53c5d5119a9a3647b300
SHA512

ac64540501f8555cce3e2eb3f85b8c23ddf57d413d5b3d7c14274d46e2499c7667c14cfadeb36f803f05dadf1b33fd2049d5a29bb90fd12f9a6eaed988f91442

Score

8^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

citadel_1.2.4.0.vir.exe

Resource

win7v200430

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

citadel_1.2.4.0.vir.exe

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  citadel_1.2.4.0.vir
- Size
  
  630KB
- MD5
  
  f5b434f9ad53bac3bd1af814bbe73fc5
- SHA1
  
  12a5100c1217b847c2177c3dc47efc233b188a2f
- SHA256
  
  54d67f153de6ba73daf1b037057cf5c0550cfb6c0aee53c5d5119a9a3647b300
- SHA512
  
  ac64540501f8555cce3e2eb3f85b8c23ddf57d413d5b3d7c14274d46e2499c7667c14cfadeb36f803f05dadf1b33fd2049d5a29bb90fd12f9a6eaed988f91442
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy