f20c459fba470bad43573c6e55f80128b8442b19065360d3b636e5dcab6bbcc5

General

Target

Scorpion virus 3.1.rar
Size

36.0MB
Sample

240422-sg82ascg7v
MD5

c024191435c22535750cad3110501fea
SHA1

91f028ca29e5d1aa6bd181ecf7a1d609f445e3b2
SHA256

f20c459fba470bad43573c6e55f80128b8442b19065360d3b636e5dcab6bbcc5
SHA512

ccf565ab7c7b68e769cc2bff53aa0b86623c7157155667e0a8240a7e3f93174bdbc9c5bc6ec2b87c78d5a184b9120957a4129bf7a811ad91acee7e23e88b62ea
SSDEEP

786432:7KCFH/Z0kpaSek5cWX+PB7fuRQ6dqSz4/CFNVXc2kkwnX67mnb3EXKF:7KCRcTPcRQAqSz1bVhBmAmnAKF

Score

10^/10

Malware Config

Targets

- Target
  
  Scorpion virus 3.1/AxInterop.WMPLib.dll
- Size
  
  52KB
- MD5
  
  bca286fbe08feb251b78ff923050d339
- SHA1
  
  9e08ce3ef33e87a2e71a9b6735ec43b300d69b38
- SHA256
  
  545b019d77e4f9c2ed2bd4f9237fbef40dfecd6fe23981f1176617a02dfe4794
- SHA512
  
  6f48c7fd5435cebb1096d6d626ceafc88498e9888b19a6a6bfc6fa845b592f2a9c3021a41fd8eeddd69edb22438b43faad9ed1705b96a101d79ac34c0c06522c
- SSDEEP
  
  768:yTiglqcPGmH+BSITBFo+iRdbBFS1WSbfi5qlD+P2mHvaVhXUWdY6Xnz:RgvH+oETfiRnFS1WSbfi5qlsaV2WGiz
Score

1^/10
behavioral1 behavioral2
- Target
  
  Scorpion virus 3.1/Interop.WMPLib.dll
- Size
  
  323KB
- MD5
  
  5d0bb85cb29b93a981224d61ec822dbe
- SHA1
  
  02b34c5a0275d726895acd1e5cc00dad8becf184
- SHA256
  
  48210cb674a629a2901c1a925fceee32e17c9e71bf79a6365920a1a6b1bff9b3
- SHA512
  
  5d78cb0032e1fa684ea32fae71318798fc2de14a55bb5943543b780598ad685a28e9a45644cc8af63f9cafbb7d68374bfbe7d0f57ff215abe41a1544f4305ab7
- SSDEEP
  
  6144:wpkr2dY/aBcjJOBHOBIQBajMtWvoJiLE1+XgRKz89G/4ZSb0Funwh6DsN2PIpCr7:wpkr2dY/aBcjJOBHOBIQBajMtWvoJiLD
Score

1^/10
behavioral3 behavioral4
- Target
  
  Scorpion virus 3.1/Scorpion Virus 3.exe
- Size
  
  36.5MB
- MD5
  
  d0e66f5f50ec0bc9e3cea469a1a165e7
- SHA1
  
  33775f71b584338e92378339f3c75d2fb4395367
- SHA256
  
  968b089724c8169d35d290c2edce38d715c169fa394d29a347c27ce8d2d15716
- SHA512
  
  517e3d4b7517125ae683ad6839d71919cf0669e4c55cf0708b35c483d4694051f0e2f876e2dec48911e1880663225b3d6ce561fc96ca2d068aaa26995d57205b
- SSDEEP
  
  786432:RlYc37VfbStNpSamHlB0+zIeUjQFI5pi75v0kOGaX9IvpggLpRi4TFiABzB:RpVDYSfzIFj55pdkOGgIeeTi4TFZ
Score

10^/10

discovery evasion exploit persistence trojan
- Modifies WinLogon for persistence
  persistence
- Modifies security service
  evasion
- UAC bypass
  evasion trojan
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Modifies Installed Components in the registry
  persistence
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral5 behavioral6