MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 747d453eb50403d9aee95c2ae18fbb735a7a3ac8dc68c6842e94c7d64e4fcc11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 747d453eb50403d9aee95c2ae18fbb735a7a3ac8dc68c6842e94c7d64e4fcc11
SHA3-384 hash: 64231a490457e8b01e28b61e4a8dc1263b8a8f73e797ff9e19486cb632e37e5055198c1d1fae1f8f1500a30dacc1af5e
SHA1 hash: bff2c7b8b4a242feff6f8492a802fc21f4d758bd
MD5 hash: a6de2d2d0cef01cb1e519a0bd350b083
humanhash: bluebird-nebraska-ceiling-lemon
File name: citadel_1.3.3.0.vir
Signature: Citadel
File size: 305'159 bytes
First seen: 2020-07-19 17:30:02 UTC
Last seen: 2020-07-19 19:18:49 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 49e4fa9e27c95aadaa0dbe40c66648c2
ssdeep: 6144:KEU6yWlqZgberXcz/d7R8yOTLe7yfAFrR4j2F7:KEU6tq9rMZ7mLH4Frc
TLSH: D15402D12AA6D038C658E332BC914F15E071B88630676B3A1829F72DCD9537BD24BE5F
Reporter: @tildedennis
Tags: Citadel


Twitter (@tildedennis): citadel version 1.3.3.0

Intelligence


File Origin
# of uploads: 2
# of downloads: 20
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence

Result 1
Verdict: Malware
Maliciousness:
Behaviour:
- Creating a window
- Unauthorized injection to a recently created process
- Connection attempt to an infection source
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2014-08-15 10:48:35 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 5/5

Result 2
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Program crash
- Suspicious use of SetThreadContext
- Loads dropped DLL
Threat name: Unknown
Score: 1.00

Yara Signatures


Rule name: citadel13xy
Author: Jean-Philippe Teissier / @Jipe_
Description: Citadel 1.5.x.y trojan banker

Rule name: win_citadel_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments