ab2203a423dbd9d67beaaf83a853595bdd85f269042ca321bac4793ab4094c26

General

Target

v3.iso
Size

36.0MB
Sample

240422-sc787scg3x
MD5

c8e42d481a7be36ac4c17bf663e1604d
SHA1

5af20a52a775397667f4d82adbfb485c3b9b3e2a
SHA256

ab2203a423dbd9d67beaaf83a853595bdd85f269042ca321bac4793ab4094c26
SHA512

62061ee9a655259114db0ad944dc2f25e0983da7b436517b0ab322e0cc826ca899a8bdd4ad8ad1ae70be86a5eaa74831e14b52bda2bb37608852e97f74ec319d
SSDEEP

786432:6KCFH/Z0kpaSek5cWX+PB7fuRQ6dqSz4/CFNVXc2kkwnX67mnb3EXK:6KCRcTPcRQAqSz1bVhBmAmnAK

Score

10^/10

Malware Config

Targets

- Target
  
  Scorpion virus 3.1/AxInterop.WMPLib.dll
- Size
  
  52KB
- MD5
  
  bca286fbe08feb251b78ff923050d339
- SHA1
  
  9e08ce3ef33e87a2e71a9b6735ec43b300d69b38
- SHA256
  
  545b019d77e4f9c2ed2bd4f9237fbef40dfecd6fe23981f1176617a02dfe4794
- SHA512
  
  6f48c7fd5435cebb1096d6d626ceafc88498e9888b19a6a6bfc6fa845b592f2a9c3021a41fd8eeddd69edb22438b43faad9ed1705b96a101d79ac34c0c06522c
- SSDEEP
  
  768:yTiglqcPGmH+BSITBFo+iRdbBFS1WSbfi5qlD+P2mHvaVhXUWdY6Xnz:RgvH+oETfiRnFS1WSbfi5qlsaV2WGiz
Score

1^/10
behavioral1 behavioral2
- Target
  
  Scorpion virus 3.1/Interop.WMPLib.dll
- Size
  
  323KB
- MD5
  
  5d0bb85cb29b93a981224d61ec822dbe
- SHA1
  
  02b34c5a0275d726895acd1e5cc00dad8becf184
- SHA256
  
  48210cb674a629a2901c1a925fceee32e17c9e71bf79a6365920a1a6b1bff9b3
- SHA512
  
  5d78cb0032e1fa684ea32fae71318798fc2de14a55bb5943543b780598ad685a28e9a45644cc8af63f9cafbb7d68374bfbe7d0f57ff215abe41a1544f4305ab7
- SSDEEP
  
  6144:wpkr2dY/aBcjJOBHOBIQBajMtWvoJiLE1+XgRKz89G/4ZSb0Funwh6DsN2PIpCr7:wpkr2dY/aBcjJOBHOBIQBajMtWvoJiLD
Score

1^/10
behavioral3 behavioral4
- Target
  
  Scorpion virus 3.1/Scorpion Virus 3.exe
- Size
  
  36.5MB
- MD5
  
  d0e66f5f50ec0bc9e3cea469a1a165e7
- SHA1
  
  33775f71b584338e92378339f3c75d2fb4395367
- SHA256
  
  968b089724c8169d35d290c2edce38d715c169fa394d29a347c27ce8d2d15716
- SHA512
  
  517e3d4b7517125ae683ad6839d71919cf0669e4c55cf0708b35c483d4694051f0e2f876e2dec48911e1880663225b3d6ce561fc96ca2d068aaa26995d57205b
- SSDEEP
  
  786432:RlYc37VfbStNpSamHlB0+zIeUjQFI5pi75v0kOGaX9IvpggLpRi4TFiABzB:RpVDYSfzIFj55pdkOGgIeeTi4TFZ
Score

10^/10

adware discovery evasion exploit persistence spyware stealer trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- UAC bypass
  evasion trojan
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Modifies Installed Components in the registry
  persistence
- Possible privilege escalation attempt
  exploit
- Registers new Print Monitor
  persistence
- Sets file execution options in registry
  persistence
- Drops startup file
- Modifies file permissions
  discovery
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Modifies termsrv.dll
  Commonly used to allow simultaneous RDP sessions.
behavioral5 behavioral6