General

  • Target

    Fentanyl_protected.exe

  • Size

    61.9MB

  • Sample

    240617-z1v24sycmr

  • MD5

    b61ccb9fffcef570403443538a523ab4

  • SHA1

    ce913c18cfebd8a026970072a6cf9e94a79779bf

  • SHA256

    8d9ec18b5de7caf9a9a85f7b8cd668f1c0824d0db9fcce2d2a250863e4e0f38e

  • SHA512

    cd0080a7e424fe37c11591f7a79481456856040f3f59509bd98962cb3274586a52dd643d11ba1dd3cf2d731830cb76f3010b82cef58d2a8e750b27d1bb226f46

  • SSDEEP

    1572864:l1l/QJW8ZMAhRnOPrONJ0Vl4uyE7zqJtD8jGwd:Xl/EvZMAhBOycVlhfgDDU

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks