General
-
Target
Magnet AXIOM Forensics Activation Tool.exe
-
Size
23.1MB
-
Sample
220215-mc3e3afbdl
-
MD5
b43c4d3fae11c4cdbbc595503b593fde
-
SHA1
e2ef9bf6775ba638a363a5b3ce1e6e3ce727893b
-
SHA256
ab4fc355fe35a1e645487e54c2c5c4d78f31dc41d8d1fe416b23bd78eadf0a0a
-
SHA512
c4ec5912f54bc313bf3b1262fef4e520725ffc63a7252f1ff7ce034ec71278114ac7c87171bb770d1c94253e4af31c8f0b5a73f104528fa78d3e25d758b43d0d
Malware Config
Targets
-
-
Target
Magnet AXIOM Forensics Activation Tool.exe
-
Size
23.1MB
-
MD5
b43c4d3fae11c4cdbbc595503b593fde
-
SHA1
e2ef9bf6775ba638a363a5b3ce1e6e3ce727893b
-
SHA256
ab4fc355fe35a1e645487e54c2c5c4d78f31dc41d8d1fe416b23bd78eadf0a0a
-
SHA512
c4ec5912f54bc313bf3b1262fef4e520725ffc63a7252f1ff7ce034ec71278114ac7c87171bb770d1c94253e4af31c8f0b5a73f104528fa78d3e25d758b43d0d
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
autoit_exe
AutoIT scripts compiled to PE executables.
-