General
- Target: citadel_0.0.1.0.vir
- Size: 625KB
- Sample: 200719-tthqkp4h2a
- MD5: dd61ca96711aa13910635e2504959890
- SHA1: d339d635b7870e08fa3afaf32385cefdecdd5719
- SHA256: 27b86c92d6a04f4074462098e1ea9c0142816b66667effecb36ccde317458166
- SHA512: 234729276b77db8dbefaf5e56f085d0dc8eb66eecd67aaee953e1b4692c2f8bffc1693c0ff26b031426f3e1a86e26b0a102e65a6f9991674a7b61999eab4be5f

Static task: static1

Behavioral task: behavioral1
- Sample: citadel_0.0.1.0.vir.exe
- Resource: win7v200430

Behavioral task: behavioral2
- Sample: citadel_0.0.1.0.vir.exe
- Resource: win10
Malware Config
(none listed)

Targets
- Target: citadel_0.0.1.0.vir (625KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
  Score: 8/10
Signatures
- Executes dropped EXE
  An executable written to disk during the run was launched, the usual way a dropper or loader stages its second component.
- Loads dropped DLL
  A DLL written to disk during the run was loaded into a process.
- Reads user/profile data of web browsers
  Infostealers commonly target stored browser data (saved credentials, cookies, autofill and history), so access to these profile files is a strong credential-theft indicator.
- Adds Run key to start application
  Writes a value under a Software\Microsoft\Windows\CurrentVersion\Run registry key so the program is launched at every logon; one of the most common persistence mechanisms.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate installed software, typically to spot security products or analysis tools.
- Suspicious use of SetThreadContext
  SetThreadContext overwrites the register state of a suspended thread; legitimate software rarely needs it, but process-hollowing and thread-hijacking injection rely on it to redirect execution into injected code.
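The listing above is what a sandbox report looks like once the page layout has been flattened to one item per line: headings, keys, values and "-" separators all become bare lines. The Python below is an editor-added example, not part of the report or of any sandbox vendor's tooling. It parses that layout back into sections, a score and a signature list, checks that every hash field is well-formed hex of the right length and agrees with the same field in other blocks (worth doing before an indicator is copied into a blocklist), and attaches the editor's own MITRE ATT&CK technique mapping to the signature titles. REPORT is a shortened copy of this page's listing used as sample input; HEADINGS, KEYS and ATTACK_MAP are the editor's assumptions about the report's vocabulary, not anything the report itself defines.

```python
"""Parse a flattened sandbox-report listing back into structure and sanity-check it. Editor-added
example, not the report's or any vendor's code; REPORT is a shortened copy of this page's listing."""
import re

REPORT = """\
General
-
Target
citadel_0.0.1.0.vir
-
MD5
dd61ca96711aa13910635e2504959890
-
SHA256
27b86c92d6a04f4074462098e1ea9c0142816b66667effecb36ccde317458166
Behavioral task
behavioral1
Resource
win7v200430
Malware Config
Targets
Target
citadel_0.0.1.0.vir
-
MD5
dd61ca96711aa13910635e2504959890
Score8/10-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
"""

# Report vocabulary assumed from this page; extend these sets for other report layouts.
HEADINGS = {"General", "Static task", "Behavioral task", "Malware Config", "Targets"}
KEYS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "Resource"}
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ATTACK_MAP = {  # editor's mapping of signature titles to MITRE ATT&CK technique IDs
    "Reads user/profile data of web browsers": "T1555.003",
    "Adds Run key to start application": "T1547.001",
    "Checks installed software on the system": "T1518",
    "Suspicious use of SetThreadContext": "T1055",
}


def parse_report(text):
    """Return {"sections": [...], "score": (n, d), "signatures": [...]}."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    report = {"sections": [], "score": None, "signatures": []}
    section, group, i = None, [], 0
    def flush():  # a '-' closes one signature: first line is the title, the rest describe it
        if group:
            report["signatures"].append({"title": group[0], "description": " ".join(group[1:])})
        group.clear()
    while i < len(lines):
        line = lines[i]
        if report["score"] is not None:            # everything after Score is a signature
            if line == "-":
                flush()
            else:
                group.append(line)
        elif (m := re.match(r"Score\s*(\d+)/(\d+)", line)):
            report["score"] = (int(m.group(1)), int(m.group(2)))
        elif line in HEADINGS:                      # a heading may be followed by its task id
            section = {"heading": line, "id": None, "fields": {}}
            report["sections"].append(section)
            nxt = lines[i + 1] if i + 1 < len(lines) else "-"
            if nxt != "-" and nxt not in HEADINGS and nxt not in KEYS:
                section["id"], i = nxt, i + 1
        elif line in KEYS and section is not None and i + 1 < len(lines):
            section["fields"][line] = lines[i + 1]  # key on one line, value on the next
            i += 1
        i += 1
    flush()
    return report


def check_hashes(report):
    """Flag hash fields that are not well-formed hex or disagree between blocks."""
    problems, seen = [], {}
    for sec in report["sections"]:
        for key in HASH_LEN.keys() & sec["fields"].keys():
            value, n = sec["fields"][key].lower(), HASH_LEN[key]
            if not re.fullmatch(r"[0-9a-f]{%d}" % n, value):
                problems.append(f"{sec['heading']}: {key} is not {n} hex chars")
            elif seen.setdefault(key, value) != value:
                problems.append(f"{sec['heading']}: {key} differs from an earlier block")
    return problems


def map_signatures(report):
    """Pair each signature title with the editor's ATT&CK technique ID (None if unmapped)."""
    return [(s["title"], ATTACK_MAP.get(s["title"])) for s in report["signatures"]]


if __name__ == "__main__":
    rep = parse_report(REPORT)
    print(rep["score"], check_hashes(rep) or "hashes ok", map_signatures(rep))
```

The cross-block comparison in check_hashes is the part that earns its keep: reports of this shape repeat the hash set under General and again under Targets, and a value that fails to round-trip between the two (or is the wrong length for its algorithm) is a sign of a copy error or truncated extraction rather than a usable indicator. The ATT&CK IDs are the editor's reading of the signature titles, not something the sandbox emits.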