General Information

  • Date: 20.07.2020
  • Duration: 0h 1m 21s
  • Sample file name: citadel_1.3.3.3.vir (renamed file extension from vir to exe)
  • Cookbook: default.jbs
  • Filetype: exe

Detection

MALICIOUS
ZeusVM
    • Found 9 malicious signatures
    • Contacts 1 domain/IP
    • Launches 1 process
    • Drops 0 files

Signature Overview

    [Behavior Graph ID 247208 (image not reproduced) — recoverable content:]

    • Sample: citadel_1.3.3.3.vir, start date 20/07/2020, architecture: WINDOWS, score: 100
    • Sample-level signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 3 other signatures
    • Process started: citadel_1.3.3.3.exe
    • Process-level signatures: Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); Detected ZeusVM e-Banking Trojan
    • Network: contacts 1.3.3.3 (CLOUDFLARENETUS, China)

    Contacted Public IPs

    IP        Country   ASN     ASN Name          Malicious
    1.3.3.3   China     13335   CLOUDFLARENETUS   true