General
Target: v3.iso
Size: 36.0MB
Sample: 240422-sc787scg3x
MD5: c8e42d481a7be36ac4c17bf663e1604d
SHA1: 5af20a52a775397667f4d82adbfb485c3b9b3e2a
SHA256: ab2203a423dbd9d67beaaf83a853595bdd85f269042ca321bac4793ab4094c26
SHA512: 62061ee9a655259114db0ad944dc2f25e0983da7b436517b0ab322e0cc826ca899a8bdd4ad8ad1ae70be86a5eaa74831e14b52bda2bb37608852e97f74ec319d
SSDEEP: 786432:6KCFH/Z0kpaSek5cWX+PB7fuRQ6dqSz4/CFNVXc2kkwnX67mnb3EXK:6KCRcTPcRQAqSz1bVhBmAmnAK
Static task: static1
Behavioral task: behavioral1
  Sample: Scorpion virus 3.1/AxInterop.WMPLib.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Scorpion virus 3.1/AxInterop.WMPLib.dll
  Resource: win10v2004-20240412-en
Behavioral task: behavioral3
  Sample: Scorpion virus 3.1/Interop.WMPLib.dll
  Resource: win7-20240221-en
Behavioral task: behavioral4
  Sample: Scorpion virus 3.1/Interop.WMPLib.dll
  Resource: win10v2004-20240412-en
Behavioral task: behavioral5
  Sample: Scorpion virus 3.1/Scorpion Virus 3.exe
  Resource: win7-20231129-en
Malware Config
Targets
- Target: Scorpion virus 3.1/AxInterop.WMPLib.dll
  Size: 52KB
  MD5: bca286fbe08feb251b78ff923050d339
  SHA1: 9e08ce3ef33e87a2e71a9b6735ec43b300d69b38
  SHA256: 545b019d77e4f9c2ed2bd4f9237fbef40dfecd6fe23981f1176617a02dfe4794
  SHA512: 6f48c7fd5435cebb1096d6d626ceafc88498e9888b19a6a6bfc6fa845b592f2a9c3021a41fd8eeddd69edb22438b43faad9ed1705b96a101d79ac34c0c06522c
  SSDEEP: 768:yTiglqcPGmH+BSITBFo+iRdbBFS1WSbfi5qlD+P2mHvaVhXUWdY6Xnz:RgvH+oETfiRnFS1WSbfi5qlsaV2WGiz
  Score: 1/10
- Target: Scorpion virus 3.1/Interop.WMPLib.dll
  Size: 323KB
  MD5: 5d0bb85cb29b93a981224d61ec822dbe
  SHA1: 02b34c5a0275d726895acd1e5cc00dad8becf184
  SHA256: 48210cb674a629a2901c1a925fceee32e17c9e71bf79a6365920a1a6b1bff9b3
  SHA512: 5d78cb0032e1fa684ea32fae71318798fc2de14a55bb5943543b780598ad685a28e9a45644cc8af63f9cafbb7d68374bfbe7d0f57ff215abe41a1544f4305ab7
  SSDEEP: 6144:wpkr2dY/aBcjJOBHOBIQBajMtWvoJiLE1+XgRKz89G/4ZSb0Funwh6DsN2PIpCr7:wpkr2dY/aBcjJOBHOBIQBajMtWvoJiLD
  Score: 1/10
- Target: Scorpion virus 3.1/Scorpion Virus 3.exe
  Size: 36.5MB
  MD5: d0e66f5f50ec0bc9e3cea469a1a165e7
  SHA1: 33775f71b584338e92378339f3c75d2fb4395367
  SHA256: 968b089724c8169d35d290c2edce38d715c169fa394d29a347c27ce8d2d15716
  SHA512: 517e3d4b7517125ae683ad6839d71919cf0669e4c55cf0708b35c483d4694051f0e2f876e2dec48911e1880663225b3d6ce561fc96ca2d068aaa26995d57205b
  SSDEEP: 786432:RlYc37VfbStNpSamHlB0+zIeUjQFI5pi75v0kOGaX9IvpggLpRi4TFiABzB:RpVDYSfzIFj55pdkOGgIeeTi4TFZ
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Modifies WinLogon for persistence
  - Modifies firewall policy service
  - Modifies security service
  - Manipulates Digital Signatures
    Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
  - Manipulates Digital Signatures
    Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as valid.
  - Modifies Installed Components in the registry
  - Possible privilege escalation attempt
  - Registers new Print Monitor
  - Sets file execution options in registry
  - Drops startup file
  - Modifies file permissions
  - Modifies system executable filetype association
  - Registers COM server for autorun
  - Adds Run key to start application
  - Drops desktop.ini file(s)
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  - Maps connected drives based on registry
    Disk information is often read in order to detect sandboxing environments.
  - Drops autorun.inf file
    Malware can abuse Windows Autorun to spread further via attached volumes.
  - Drops file in System32 directory
  - Modifies termsrv.dll
    Commonly used to allow simultaneous RDP sessions.
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (7)
- Registry Run Keys / Startup Folder (6)
- Winlogon Helper DLL (1)
- Create or Modify System Process (2)
- Windows Service (2)
- Event Triggered Execution (1)
- Change Default File Association (1)
- Browser Extensions (1)
Privilege Escalation
- Boot or Logon Autostart Execution (7)
- Registry Run Keys / Startup Folder (6)
- Winlogon Helper DLL (1)
- Create or Modify System Process (2)
- Windows Service (2)
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Event Triggered Execution (1)
- Change Default File Association (1)
Defense Evasion
- Modify Registry (13)
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Impair Defenses (1)
- Disable or Modify Tools (1)
- Subvert Trust Controls (1)
- SIP and Trust Provider Hijacking (1)
- File and Directory Permissions Modification (1)
Discovery
- System Information Discovery (6)
- Query Registry (5)
- Peripheral Device Discovery (2)