General
Target
citadel_1.3.3.5.vir
Size
213KB
Sample
200719-wza3f95w26
MD5
ebcc956a463733ff3b8b7f3e10c7bf4a
SHA1
8a4757afbef49a27272961dca870d69780b2abee
SHA256
d29b6d3a43795f840214bdc2e46255566c9840e8aa16cce8704b8eaf34cfba83
SHA512
a33f89d697ea77042a7c4dd0340ddda5e57ec8a28d8c955e410c8161ae76237ce477ae4c064c71a2e4a55f957d81fb828345053a4a5bd7ac16ed36902b816d33
Static task
static1
Behavioral task
behavioral1
Sample
citadel_1.3.3.5.vir.exe
Resource
win7
Behavioral task
behavioral2
Sample
citadel_1.3.3.5.vir.exe
Resource
win10
Malware Config
Targets
Target
citadel_1.3.3.5.vir
Score
8/10
Executes dropped EXE
Deletes itself
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext