Comet_Rat_v1[.]2[.]rar

Resubmissions

09/04/2024, 10:24

240409-mfrsqsce98 7

09/04/2024, 10:22

240409-megldafh5w 3

Sharing

Copy URL Twitter E-mail

General

Target

Comet_Rat_v1.2.rar
Size

1.9MB
MD5

7ae1bb71fab990589234f2e3c3440ad2
SHA1

2d6ccb1e49925ffc118327fdc13ce5d046174de7
SHA256

a968914308e1c2bcf26b1a7335041913c666312bf83e559e1badec37d9cb9f54
SHA512

75a8990aa0b5cbde0f8722ee5cdec5ee8f31e6350601436af8a5f0f609ab9caf48ba339574020387379bbb26a5e94de794ad4bcf8b1972c07b5f4a67a701eb30
SSDEEP

49152:ewV9jTBpKY52WNSK9wjGvCsIm3SS2C70URB6Al2uQr8:z7j/2gDIm3/XB6AwuQr8

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Comet Rat v1.2/AxInterop.SystemMonitor.dll
unpack001/Comet Rat v1.2/AxInterop.WMPLib.dll
unpack001/Comet Rat v1.2/IOS/mpress.exe
unpack001/Comet Rat v1.2/Interop.SystemMonitor.dll
unpack001/Comet Rat v1.2/Interop.WMPLib.dll
unpack001/Comet Rat v1.2/Mono.Cecil.dll
unpack001/Comet Rat v1.2/Stub.exe
unpack001/Comet Rat v1.2/comet v1.2.exe

Files

Comet_Rat_v1.2.rar
.rar

Password: cve0day
Comet Rat v1.2/AxInterop.SystemMonitor.dll
.dll windows:4 windows x86 arch:x86

Password: cve0day

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Comet Rat v1.2/AxInterop.WMPLib.dll
.dll windows:4 windows x86 arch:x86

Password: cve0day

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Comet Rat v1.2/IOS/H-092.ico
Comet Rat v1.2/IOS/Kx.wav
Comet Rat v1.2/IOS/Ls.jpg
.jpg

Password: cve0day
Comet Rat v1.2/IOS/MY.wav
Comet Rat v1.2/IOS/ico/1.ico
Comet Rat v1.2/IOS/ico/10.ico
Comet Rat v1.2/IOS/ico/11.ico
Comet Rat v1.2/IOS/ico/12.ico
Comet Rat v1.2/IOS/ico/13.ico
Comet Rat v1.2/IOS/ico/14.ico
Comet Rat v1.2/IOS/ico/15.ico
Comet Rat v1.2/IOS/ico/16.ico
Comet Rat v1.2/IOS/ico/17.ico
Comet Rat v1.2/IOS/ico/18.ico
Comet Rat v1.2/IOS/ico/2.ico
Comet Rat v1.2/IOS/ico/3.ico
Comet Rat v1.2/IOS/ico/4.ico
Comet Rat v1.2/IOS/ico/5.ico
Comet Rat v1.2/IOS/ico/6.ico
Comet Rat v1.2/IOS/ico/7.ico
Comet Rat v1.2/IOS/ico/8.ico
Comet Rat v1.2/IOS/ico/9.ico
Comet Rat v1.2/IOS/mpress.exe
.exe windows:4 windows x86 arch:x86

Password: cve0day

51e7ef6b1d43d0d05d7109dee9789560

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

imagehlp

CheckSumMappedFile

Sections

.MPRESS1
Size: 88KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 862B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Comet Rat v1.2/IOS/xxx.wav
Comet Rat v1.2/Interop.SystemMonitor.dll
.dll windows:4 windows x86 arch:x86

Password: cve0day

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Comet Rat v1.2/Interop.WMPLib.dll
.dll windows:4 windows x86 arch:x86

Password: cve0day

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Comet Rat v1.2/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

Password: cve0day

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Simon\Desktop\cecil-master\obj\net_2_0_Release\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Comet Rat v1.2/Stub.exe
.exe windows:4 windows x86 arch:x86

Password: cve0day

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\hackeng\Desktop\StubX\StubX\obj\Debug\Stub.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Comet Rat v1.2/comet v1.2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\hackeng\Desktop\comet\comet\comet\obj\Debug\comet.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: cve0day

Password: cve0day

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 17KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 512B - Virtual size: 12B

Password: cve0day

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 50KB - Virtual size: 50KB

.rsrc Size: 1024B - Virtual size: 712B

.reloc Size: 512B - Virtual size: 12B

Password: cve0day

Password: cve0day

51e7ef6b1d43d0d05d7109dee9789560

Headers

File Characteristics

Imports

kernel32

imagehlp

Sections

.MPRESS1 Size: 88KB - Virtual size: 216KB

.MPRESS2 Size: 1024B - Virtual size: 862B

.rsrc Size: 11KB - Virtual size: 11KB

Password: cve0day

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 55KB - Virtual size: 54KB

.rsrc Size: 1024B - Virtual size: 800B

.reloc Size: 512B - Virtual size: 12B

Password: cve0day

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 326KB - Virtual size: 326KB

.rsrc Size: 1024B - Virtual size: 776B

.reloc Size: 512B - Virtual size: 12B

Password: cve0day

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 271KB - Virtual size: 270KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 12B

Password: cve0day

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

.text
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 1024B - Virtual size: 712B

.reloc
Size: 512B - Virtual size: 12B

.MPRESS1
Size: 88KB - Virtual size: 216KB

.MPRESS2
Size: 1024B - Virtual size: 862B

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 55KB - Virtual size: 54KB

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 326KB - Virtual size: 326KB

.rsrc
Size: 1024B - Virtual size: 776B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 271KB - Virtual size: 270KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 158KB - Virtual size: 157KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 1024B - Virtual size: 584B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3.6MB - Virtual size: 3.6MB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 512B - Virtual size: 12B