ScorpionTool[.]exe | Triage

Resubmissions

14-05-2024 09:50

240514-lt4h1sah21 10

14-05-2024 09:48

240514-ls2yssbb99 10

Sharing

General

Target

ScorpionTool.exe
Size

14.7MB
MD5

1fa5f0dad29dd8494a0f6ec19ae54135
SHA1

377c3eea9d87f447dc8087559952675d577b5212
SHA256

73fec669d22c5c4ed518a11681e8b2af2038eca843ada4be221495d683f4fe48
SHA512

0a7351d3cff651e4fd4e6cb7d49850c683a5801c7d2c950a35d20bbf69f0575f8f2fee4fab6c449c2c15eb1423c23355da1799c1ff6c74f1248d32180aff6943
SSDEEP

393216:Ytd45Gs7PJR6UfvxUS15iab4U4lMl4LvdPWYFbx/6IX:YtOwAR6UfvxUS1Ua8UmMlEWY33

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

ScorpionTool.exe

Files

ScorpionTool.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\f\Desktop\scorpion\payload\obj\Debug\payload.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 14.3MB - Virtual size: 14.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ