Overview

overview

10

Static

static

3

comet.exe

windows11-21h2-x64

10

key.txt

windows11-21h2-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/09/2024, 14:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    comet.exe

  • Size

    1.2MB

  • MD5

    01ebbbb0e2be2e83ee16356f9d0d0cf5

  • SHA1

    1c21379e4deb3faecc927cdbd70f25f8f42c74d8

  • SHA256

    2b04ca0db9427df8711aba88c6263c2ab3639c54d4c6cd78ae5197b057041b03

  • SHA512

    3b68df217a9888b3313c7036d6ef1fb7b7986dd6a1621aa0b70654797d53e2c57982d9363c070ceef136034db710ebf901a03fb210fb4b036d5d557d68f5d5c0

  • SSDEEP

    24576:I1NJjDBAOySOTQcPTAcySiDNpfVkqgfPyU8/oa8reuaDH40:InJjDaOyL70nS4pfVkqgy6r3aE

Score
10/10
agenttesladiscoverykeyloggerspywarestealertrojan

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\comet.exe
    "C:\Users\Admin\AppData\Local\Temp\comet.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:660
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /0
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/660-0-0x0000000074CBE000-0x0000000074CBF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/660-1-0x0000000000DB0000-0x0000000000EE6000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/660-2-0x0000000006030000-0x00000000065D6000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/660-3-0x00000000059A0000-0x0000000005A32000-memory.dmp

    Filesize

    584KB

    Download

  • memory/660-4-0x0000000005950000-0x0000000005962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/660-5-0x0000000005B70000-0x0000000005B7A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/660-6-0x0000000074CB0000-0x0000000075461000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/660-7-0x0000000005D70000-0x0000000005F82000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/660-8-0x0000000074CB0000-0x0000000075461000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/660-9-0x00000000092E0000-0x000000000931C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/660-10-0x0000000074CBE000-0x0000000074CBF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/660-11-0x0000000074CB0000-0x0000000075461000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/720-12-0x0000026826710000-0x0000026826711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/720-14-0x0000026826710000-0x0000026826711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/720-13-0x0000026826710000-0x0000026826711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/720-19-0x0000026826710000-0x0000026826711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/720-24-0x0000026826710000-0x0000026826711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/720-23-0x0000026826710000-0x0000026826711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/720-22-0x0000026826710000-0x0000026826711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/720-21-0x0000026826710000-0x0000026826711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/720-20-0x0000026826710000-0x0000026826711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/720-18-0x0000026826710000-0x0000026826711000-memory.dmp

    Filesize

    4KB

    Download