Overview

overview

8

Static

static

citadel_1....ir.exe

windows7_x64

8

citadel_1....ir.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    citadel_1.3.3.1.vir

  • Size

    199KB

  • Sample

    200719-negld6jh76

  • MD5

    df96ba696553268ea03f8bfa555047a4

  • SHA1

    ea937edc811b75a2949eb609d95bc53b031e63ed

  • SHA256

    cf813a86d30ddd0c2ca59f73334fffd241bfd31eddfe30dc2e73d5b29ae752d1

  • SHA512

    3ee228da9dcb7907c939ecebf417247b5b65dce22e92b642796de66f5fc8b7bc84bf658ffae0dab70f5f1cdbbc20df54ce89248a2d70e4dac54862b9a5ed8df3

Score
8/10
persistence

Malware Config

Targets

    • Target

      citadel_1.3.3.1.vir

    • Size

      199KB

    • MD5

      df96ba696553268ea03f8bfa555047a4

    • SHA1

      ea937edc811b75a2949eb609d95bc53b031e63ed

    • SHA256

      cf813a86d30ddd0c2ca59f73334fffd241bfd31eddfe30dc2e73d5b29ae752d1

    • SHA512

      3ee228da9dcb7907c939ecebf417247b5b65dce22e92b642796de66f5fc8b7bc84bf658ffae0dab70f5f1cdbbc20df54ce89248a2d70e4dac54862b9a5ed8df3

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks