blankgrabber | 0174573b97f82a0baa49539e68a5de0cdcb383fb99454d8009fa2c70000557cf | Triage

Submit
Reports

Overview

overview

Static

static

Comet.exe

windows11-21h2-x64

8

Sharing

General

Target

Comet.exe
Size

7.6MB
Sample

241201-yg58asvkbq
MD5

33aa2ecd9dc46eeb648d79ad615dc1d1
SHA1

52ff371b81c4659b5fa58e298ae27453edec6a49
SHA256

0174573b97f82a0baa49539e68a5de0cdcb383fb99454d8009fa2c70000557cf
SHA512

18b11ef1d6825e0b0c23c661782838c306ecfa56c1cdd456146f7465dceff59e9caf1d0be28a4683d0c54c37e138c1f9dbd3802352c742e03e2f1862239bd198
SSDEEP

196608:xLpHYK7wfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jA:oIHziK1piXLGVE4Ue0VJ0

Score

10^/10

blankgrabber collection defense_evasion discovery execution spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Comet.exe

Resource

win11-20241007-en

collection defense_evasion discovery execution spyware stealer upx

windows11-21h2-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  Comet.exe
- Size
  
  7.6MB
- MD5
  
  33aa2ecd9dc46eeb648d79ad615dc1d1
- SHA1
  
  52ff371b81c4659b5fa58e298ae27453edec6a49
- SHA256
  
  0174573b97f82a0baa49539e68a5de0cdcb383fb99454d8009fa2c70000557cf
- SHA512
  
  18b11ef1d6825e0b0c23c661782838c306ecfa56c1cdd456146f7465dceff59e9caf1d0be28a4683d0c54c37e138c1f9dbd3802352c742e03e2f1862239bd198
- SSDEEP
  
  196608:xLpHYK7wfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jA:oIHziK1piXLGVE4Ue0VJ0
Score

8^/10

collection defense_evasion discovery execution spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Obfuscated Files or Information

Command Obfuscation

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Clipboard Data

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondefense_evasiondiscoveryexecutionspywarestealerupx

© 2018-2025

Terms | Privacy