General
Target: citadel_1.2.0.0b.vir
Size: 213KB
Sample: 200719-tjjnytan7e
MD5: b7f755dc5616bbf10f6d11a276c88c98
SHA1: 6a31f670e6b91d246ff88d073d6c0b0cde9e9300
SHA256: 371b9214f60a70c81ec1756d284e8028ff7603498341ecb7fa5cc09f3b10043e
SHA512: a569a9049e1c5a3cd5278400a4a8d53c6b728c685aca6401896c94ddf5efd7226660feaeb3a65e30d8b652fdf7da93053b577cc08fc8b480bb4527c6efa4cc89
Static task: static1
Behavioral task: behavioral1
Sample: citadel_1.2.0.0b.vir.exe
Resource: win7
Behavioral task: behavioral2
Sample: citadel_1.2.0.0b.vir.exe
Resource: win10v200430
Malware Config
Targets
Target: citadel_1.2.0.0b.vir
Score: 8/10
Executes dropped EXE
Deletes itself
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext