General
-
Target
Scorpion virus 3.1.rar
-
Size
36.0MB
-
Sample
240422-sg82ascg7v
-
MD5
c024191435c22535750cad3110501fea
-
SHA1
91f028ca29e5d1aa6bd181ecf7a1d609f445e3b2
-
SHA256
f20c459fba470bad43573c6e55f80128b8442b19065360d3b636e5dcab6bbcc5
-
SHA512
ccf565ab7c7b68e769cc2bff53aa0b86623c7157155667e0a8240a7e3f93174bdbc9c5bc6ec2b87c78d5a184b9120957a4129bf7a811ad91acee7e23e88b62ea
-
SSDEEP
786432:7KCFH/Z0kpaSek5cWX+PB7fuRQ6dqSz4/CFNVXc2kkwnX67mnb3EXKF:7KCRcTPcRQAqSz1bVhBmAmnAKF
Static task: static1
Behavioral task: behavioral1
Sample: Scorpion virus 3.1/AxInterop.WMPLib.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Scorpion virus 3.1/AxInterop.WMPLib.dll
Resource: win10v2004-20240412-en
Behavioral task: behavioral3
Sample: Scorpion virus 3.1/Interop.WMPLib.dll
Resource: win7-20240221-en
Behavioral task: behavioral4
Sample: Scorpion virus 3.1/Interop.WMPLib.dll
Resource: win10v2004-20240226-en
Behavioral task: behavioral5
Sample: Scorpion virus 3.1/Scorpion Virus 3.exe
Resource: win7-20240221-en
Behavioral task: behavioral6
Sample: Scorpion virus 3.1/Scorpion Virus 3.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target
Scorpion virus 3.1/AxInterop.WMPLib.dll
-
Size
52KB
-
MD5
bca286fbe08feb251b78ff923050d339
-
SHA1
9e08ce3ef33e87a2e71a9b6735ec43b300d69b38
-
SHA256
545b019d77e4f9c2ed2bd4f9237fbef40dfecd6fe23981f1176617a02dfe4794
-
SHA512
6f48c7fd5435cebb1096d6d626ceafc88498e9888b19a6a6bfc6fa845b592f2a9c3021a41fd8eeddd69edb22438b43faad9ed1705b96a101d79ac34c0c06522c
-
SSDEEP
768:yTiglqcPGmH+BSITBFo+iRdbBFS1WSbfi5qlD+P2mHvaVhXUWdY6Xnz:RgvH+oETfiRnFS1WSbfi5qlsaV2WGiz
Score 1/10
-
Target
Scorpion virus 3.1/Interop.WMPLib.dll
-
Size
323KB
-
MD5
5d0bb85cb29b93a981224d61ec822dbe
-
SHA1
02b34c5a0275d726895acd1e5cc00dad8becf184
-
SHA256
48210cb674a629a2901c1a925fceee32e17c9e71bf79a6365920a1a6b1bff9b3
-
SHA512
5d78cb0032e1fa684ea32fae71318798fc2de14a55bb5943543b780598ad685a28e9a45644cc8af63f9cafbb7d68374bfbe7d0f57ff215abe41a1544f4305ab7
-
SSDEEP
6144:wpkr2dY/aBcjJOBHOBIQBajMtWvoJiLE1+XgRKz89G/4ZSb0Funwh6DsN2PIpCr7:wpkr2dY/aBcjJOBHOBIQBajMtWvoJiLD
Score 1/10
-
Target
Scorpion virus 3.1/Scorpion Virus 3.exe
-
Size
36.5MB
-
MD5
d0e66f5f50ec0bc9e3cea469a1a165e7
-
SHA1
33775f71b584338e92378339f3c75d2fb4395367
-
SHA256
968b089724c8169d35d290c2edce38d715c169fa394d29a347c27ce8d2d15716
-
SHA512
517e3d4b7517125ae683ad6839d71919cf0669e4c55cf0708b35c483d4694051f0e2f876e2dec48911e1880663225b3d6ce561fc96ca2d068aaa26995d57205b
-
SSDEEP
786432:RlYc37VfbStNpSamHlB0+zIeUjQFI5pi75v0kOGaX9IvpggLpRi4TFiABzB:RpVDYSfzIFj55pdkOGgIeeTi4TFZ
Score 10/10
-
Modifies WinLogon for persistence
-
Modifies security service
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys to have their binary accepted as valid.
-
Modifies Installed Components in the registry
-
Possible privilege escalation attempt
-
Modifies file permissions
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Boot or Logon Autostart Execution: 4
  Registry Run Keys / Startup Folder: 3
  Winlogon Helper DLL: 1
Create or Modify System Process: 1
  Windows Service: 1
Event Triggered Execution: 1
  Change Default File Association: 1
Privilege Escalation
Boot or Logon Autostart Execution: 4
  Registry Run Keys / Startup Folder: 3
  Winlogon Helper DLL: 1
Create or Modify System Process: 1
  Windows Service: 1
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1
Event Triggered Execution: 1
  Change Default File Association: 1
Defense Evasion
Modify Registry: 8
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1
Impair Defenses: 1
  Disable or Modify Tools: 1
Subvert Trust Controls: 1
  SIP and Trust Provider Hijacking: 1
File and Directory Permissions Modification: 1