Overview

overview

8

Static

static

citadel_1....ir.exe

windows7_x64

8

citadel_1....ir.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    citadel_1.3.4.0.vir

  • Size

    144KB

  • Sample

    200719-rax8tefjzx

  • MD5

    d19f137ed4625db20e660bde8f04d423

  • SHA1

    96d7a2903df9727c4db018e384505d15186b53a3

  • SHA256

    f1c63b15b0244a6f956cdbfc811d1990be99f8e5fa4027403b4f1aaf1de312a2

  • SHA512

    04ac65fbc7cb38b37b98057ed9136b35c1eedbafa93c82262a6d07fa894131fd66f034f4aa6e578285a4aa499a407ceb5cdc8bc0c82a5f34d08d340a84ee57ef

Score
8/10
persistence

Malware Config

Targets

    • Target

      citadel_1.3.4.0.vir

    • Size

      144KB

    • MD5

      d19f137ed4625db20e660bde8f04d423

    • SHA1

      96d7a2903df9727c4db018e384505d15186b53a3

    • SHA256

      f1c63b15b0244a6f956cdbfc811d1990be99f8e5fa4027403b4f1aaf1de312a2

    • SHA512

      04ac65fbc7cb38b37b98057ed9136b35c1eedbafa93c82262a6d07fa894131fd66f034f4aa6e578285a4aa499a407ceb5cdc8bc0c82a5f34d08d340a84ee57ef

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks