General

Target: Fentanyl_protected.exe
Size: 61.9MB
Sample: 240617-z1v24sycmr
MD5: b61ccb9fffcef570403443538a523ab4
SHA1: ce913c18cfebd8a026970072a6cf9e94a79779bf
SHA256: 8d9ec18b5de7caf9a9a85f7b8cd668f1c0824d0db9fcce2d2a250863e4e0f38e
SHA512: cd0080a7e424fe37c11591f7a79481456856040f3f59509bd98962cb3274586a52dd643d11ba1dd3cf2d731830cb76f3010b82cef58d2a8e750b27d1bb226f46
SSDEEP: 1572864:l1l/QJW8ZMAhRnOPrONJ0Vl4uyE7zqJtD8jGwd:Xl/EvZMAhBOycVlhfgDDU
Malware Config
Targets
Target: Fentanyl_protected.exe (same file, size and hashes as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger