General

  • Target

    citadel_1.3.2.0.vir

  • Size

    229KB

  • Sample

    200719-svlk6v8j6a

  • MD5

    8a5bf60e204356dff1029a4d10f7596b

  • SHA1

    e0a17c6248f3dd599ab79552a83050c673857f72

  • SHA256

    118185aed4dd97bbf3fe28bebb075a67ca7dbf75dee24efa999e170ee13d0396

  • SHA512

    64253b1789adb4fa9faa37c0ac9bdbe792b2ec9112c2820efae8fb430e16822cf7861b0ff7b882818af24b37911a29b72caffaae306d7468e7a15dcbff5d54d0

Score
8/10

Malware Config

Targets

    • Target

      citadel_1.3.2.0.vir

    • Size

      229KB

    • MD5

      8a5bf60e204356dff1029a4d10f7596b

    • SHA1

      e0a17c6248f3dd599ab79552a83050c673857f72

    • SHA256

      118185aed4dd97bbf3fe28bebb075a67ca7dbf75dee24efa999e170ee13d0396

    • SHA512

      64253b1789adb4fa9faa37c0ac9bdbe792b2ec9112c2820efae8fb430e16822cf7861b0ff7b882818af24b37911a29b72caffaae306d7468e7a15dcbff5d54d0

    Score
    8/10
    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Tasks