Overview

overview

10

Static

static

10

comet exec...re.dll

windows7-x64

1

comet exec...re.dll

windows10-2004-x64

1

comet exec...ms.dll

windows7-x64

1

comet exec...ms.dll

windows10-2004-x64

1

comet exec...pf.dll

windows7-x64

1

comet exec...pf.dll

windows10-2004-x64

1

comet exec...p1.exe

windows7-x64

1

comet exec...p1.exe

windows10-2004-x64

1

f_000001.js

windows7-x64

3

f_000001.js

windows10-2004-x64

3

f_000003.js

windows7-x64

3

f_000003.js

windows10-2004-x64

3

comet exec...no.dll

windows7-x64

1

comet exec...no.dll

windows10-2004-x64

1

comet exec...64.dll

windows7-x64

1

comet exec...64.dll

windows10-2004-x64

1

comet exec...64.dll

windows7-x64

1

comet exec...64.dll

windows10-2004-x64

1

comet exec...sh.dll

windows7-x64

1

comet exec...sh.dll

windows10-2004-x64

1

comet exec...td.dll

windows7-x64

1

comet exec...td.dll

windows10-2004-x64

1

comet exec...et.exe

windows7-x64

1

comet exec...et.exe

windows10-2004-x64

6

comet exec...is.dll

windows7-x64

1

comet exec...is.dll

windows10-2004-x64

1

comet exec...er.dll

windows7-x64

1

comet exec...er.dll

windows10-2004-x64

1

comet exec...er.dll

windows10-2004-x64

1

comet exec...er.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20705626067.zip

  • Size

    13.6MB

  • Sample

    250115-rq63mavngv

  • MD5

    8703d12d7f010947e014077430816c33

  • SHA1

    0c6afe5835a9e45be5069a9b754fde73517ddee4

  • SHA256

    68ce0596f2dd777965778b1f99874ff65b447c01732e67c856523ae0598e121f

  • SHA512

    f2b49c873873e6ab67ab5716a1212f4c210b28f6474619d35ca8b8bb7f6dcbc69d2dfb0f0775c2b2f2960174d8ef41f9b4d565c25bd5f518afb4ba99bb5e6ea2

  • SSDEEP

    393216:p2fGGat93XymCJ3+YBYqUy/2XY2cwSuvw1uHMjE5P:p2eG2VCV+u87Y2Nbvw1uHMo5P

Score
10/10
skulddiscoveryexecutionpersistence

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1322398794419015753/NZNEWJwo5JJ1lKwMMwjjMMzRzkgLEEjAnLjtCAVrQHzUKbBfWb1O9aM5Shlyd-Za8Ry1

Targets

    • Target

      comet executor/Comet Executor/Microsoft.Web.WebView2.Core.dll

    • Size

      589KB

    • MD5

      a53ba26a25f78f512cb2f393f9c96463

    • SHA1

      4176d5607859817a0b44a253c34f7edb3a46f21e

    • SHA256

      88a3b62f45225a811cdb85df6dfd95c2bff9a0e43e3b04f813b125eaca56cc9f

    • SHA512

      df1cd812fce4a46cae7f4d59256a12732367d16981b01f1067d58966d6612ae102eaa274fc3c9ac21aeb0422cf09ac1232fbe2b74d1daf6c76489f6e8de16751

    • SSDEEP

      12288:WrCyR/rpQ322fy+uFKcDmuRFNEMzeu+imQ269pRFZNIEJdIEY0lxEIPrEIgcvLc6:Va7

    Score
    1/10
    behavioral1behavioral2

    • Target

      comet executor/Comet Executor/Microsoft.Web.WebView2.WinForms.dll

    • Size

      38KB

    • MD5

      97b823df48a222490e6f5ded50d8bd25

    • SHA1

      12aa63046320aafca64ad00f2bfa42a449ee1737

    • SHA256

      b3a0e4513a9920bead16b5488586211f858ca9091298446e45e4dc8998891208

    • SHA512

      b1e52015b7a66d8d5fff0039b276d7889a707f1f827e2cd1ef9de3c7f7ce1bb4f8611d466993f40e9296ff602caeb685a31ec21ad64d746710e6c9b5d63992df

    • SSDEEP

      768:7HNaz0wClrsoZdQtZDgcEST3p4Jjrjh2je+SG2au8vxJKia5/Zi/ZG4Kzu6bdjUH:5aIvQtZDgcEST3p4Jjrjae+SG2au4xJZ

    Score
    1/10
    behavioral3behavioral4

    • Target

      comet executor/Comet Executor/Microsoft.Web.WebView2.Wpf.dll

    • Size

      81KB

    • MD5

      ea666d4e676af786b0b8d7cbd3cb7aed

    • SHA1

      2f1d0591192852bcbb82a68084c39f90519b8753

    • SHA256

      9367fe5dd7a8a1362544dd22cbf665215aed30abae6da780d5567b01e2d941a3

    • SHA512

      08a2af40eb6931d0920e33ab10bfa09c58bb882b5f59eced21b670fe162f727e23dd732d8f85056bc131a18cfeaa6faaaec9785a35f5b09a6e6b523f30e1cc8f

    • SSDEEP

      1536:2bjmE+c3StQ9azGhp8dYNUDHfFWyEb30mpc4Jjr4YeUqiHhCU0NdnbvUufk/UaTM:2bAc3S+4zyp8yUDHfFC30mpc4Jjr4Yef

    Score
    1/10
    behavioral5behavioral6

    • Target

      comet executor/Comet Executor/WinFormsApp1.dll

    • Size

      10KB

    • MD5

      fb8af0ae662044b367015d2e7c9f24ed

    • SHA1

      843be4e7fde23f4cd6be0593cf9d006de6a1b3cd

    • SHA256

      c294d851870c236e96fcf3496cd5d6e7ead342277d8d7f2c4cb27967492b25c2

    • SHA512

      a09f642f47574fcb7dc5f44bfb01d06961c6c7dcfc23cead2f5fdd1b741336b7b5eda3e33614d8ed7a811596f587a7fe6617f71b925aa3d55ed93294ebc1aa32

    • SSDEEP

      192:JAxCMdKz3E4Bj60Hd1p0Q4NmMwd+ctTuWgkDoMT6uZX1ZsInKoL:JAxCMdKzrBuk/4Ud+ctHgkDoMT6wX8Ro

    Score
    1/10
    behavioral7behavioral8

    • Target

      f_000001

    • Size

      2.0MB

    • MD5

      9399a8eaa741d04b0ae6566a5ebb8106

    • SHA1

      5646a9d35b773d784ad914417ed861c5cba45e31

    • SHA256

      93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18

    • SHA512

      d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8

    • SSDEEP

      24576:SmmBNDw4gCXJkB4nIg2IxhbaeZYIMsNjvit4f:wDw4gCXJk62+aeKIMsNjvit4f

    Score
    3/10
    execution
    behavioral10behavioral9

    • Target

      f_000003

    • Size

      2.0MB

    • MD5

      9399a8eaa741d04b0ae6566a5ebb8106

    • SHA1

      5646a9d35b773d784ad914417ed861c5cba45e31

    • SHA256

      93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18

    • SHA512

      d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8

    • SSDEEP

      24576:SmmBNDw4gCXJkB4nIg2IxhbaeZYIMsNjvit4f:wDw4gCXJk62+aeKIMsNjvit4f

    Score
    3/10
    execution
    behavioral11behavioral12

    • Target

      comet executor/Comet Executor/bin/Xeno.dll

    • Size

      958KB

    • MD5

      922e65fd502fedf855422f9343fb88fa

    • SHA1

      12803d54a1c91ba25bae7d924016e0dce667ab15

    • SHA256

      6a1afc9c98761fcd93f1f8878b673af549f3bbe97d6ae3ecb23a080462a41d54

    • SHA512

      b4cb9f19eec8e2d159733f39580e762a7ef74f2e962618d7b8b969bb84e294867890a20c503feea53dc451eb9cd03d41e35c2d5825c16bf730ba4c2081e0a8c2

    • SSDEEP

      12288:2GhQW0to+40OXmwuFyEd/LJgxUZ8ipQsxja67rno+X24KkT0M01/:2GooRpXmhyEWUZ8iQEjv7kj4KkT0

    Score
    1/10
    behavioral13behavioral14

    • Target

      comet executor/Comet Executor/bin/libcrypto-3-x64.dll

    • Size

      4.5MB

    • MD5

      be0f6d1d60e149cedaca33a04963e05f

    • SHA1

      b686e1ed9ae47b8ae803a5d9e912b0e631bc4217

    • SHA256

      81a5fe6cd0ef5b083e5c4bdb6a40a30bfb1b0de15a9dfad459de2d6a36d94f86

    • SHA512

      7b39dd8c70286ec4fe61cb2c3c12062f2dcbdda607c2f14c4f983741026f6aa62b60f9e983204949395cc54b5ebf6426c0f8300e0e385c35c1f2f3847160d7ff

    • SSDEEP

      98304:5l+f+Kv6t8y37re39P6k1CPwDvt3uFGCC:/Cyt8yLre39yk1CPwDvt3uFGCC

    Score
    1/10
    behavioral15behavioral16

    • Target

      comet executor/Comet Executor/bin/libssl-3-x64.dll

    • Size

      802KB

    • MD5

      733e3b58ee1760a442fec4712848c3ad

    • SHA1

      529206caad19cce2424323bc29a9fb9a4bbd3e76

    • SHA256

      159198cb8e740f9ad5918b51503121fd1b7e70460f6a4f6a6aa27576bbfa31c7

    • SHA512

      10835ff09e35d8acb2739707219905b3ae2870af973d8f80040baeb732eb798fa93ef1bc599ad9898aff8e20ee21aa1f5e5e07340eda205aa938fc001cd83a88

    • SSDEEP

      12288:uDYDcpeu9jFBOBJfbudc68KqLie1+jKMwmUxlcdEVB3ks:usM9jFr8OeW5wmNdEVB3k

    Score
    1/10
    behavioral17behavioral18

    • Target

      comet executor/Comet Executor/bin/xxhash.dll

    • Size

      46KB

    • MD5

      70c514826d9428f184d27f0c8f397404

    • SHA1

      e6b0b1a396de9913004d9bcaa230972686416bb6

    • SHA256

      aff59e91d222b75b3e3ac789baba9e24eff99796261ae5e887ef9e3c28bb3d64

    • SHA512

      168c63cbb54865ca42a884fd974291bcadd9dd8cf8bc1980148214e84498af42a590cb3d3a394765ee0b7d2e337fab6e85ff4f85d9ced97b92b540152202a0a6

    • SSDEEP

      768:tziPp7yW4k3QDn24NuDUSu0MKQVMNKuxYAuogba4Mk3Q18swN1WQ8hi6U:tziR74kgDn2rDRuIrN5mAvgbTg18DN1z

    Score
    1/10
    behavioral19behavioral20

    • Target

      comet executor/Comet Executor/bin/zstd.dll

    • Size

      638KB

    • MD5

      5b96fb0d4e6453680da278f5b7e51a29

    • SHA1

      3c96a29248fa3644de2c653a5d97c1e21b13a769

    • SHA256

      1374391dafd6262795243a58f9fb234be859d940683fe756c64692ca807f0478

    • SHA512

      27d06b7182aa48a81cce18f8f7b1bee054f3a862ccebd77d273a67c6a15e5d0ef5ba8fd7430976f445eb8bff51d290f2bb50061ac7ef448255ba8a18b8baf193

    • SSDEEP

      6144:fbauYl+rrR8uT4uB5uWYfO16oMynnjDHMkYHbpk5tRCEybNFZemMBLx4uQ16aSG:fbauYGT5BYMxjDHMk0petRCEyb9emHO

    Score
    1/10
    behavioral21behavioral22

    • Target

      comet executor/Comet Executor/comet.exe

    • Size

      14.8MB

    • MD5

      abab785743320daa11ebdbfe09bbf4af

    • SHA1

      bad5790b6f5a1b59e99b341ebbed30775d89b5f4

    • SHA256

      949c396cb29d99291e39a3e6029480b53511d0f7eebca93ec160a1b23e67b338

    • SHA512

      bb7dc4dfe84a39162fb086e51ea989b7c3cddce9ada75e02391cbb757ed954a909e37ed0f5a79084ebd275a3be717f5f31e141a9693b0705186efd3dcf1ce5cd

    • SSDEEP

      196608:CitOI01DSfgMh0DVmUNzyjaS1imMFMYfJWX+Rk:CiUI4DYomzb1iFMoWX+i

    Score
    6/10
    persistence
    behavioral23behavioral24

    • Target

      comet executor/Comet Executor/cxapis.dll

    • Size

      10KB

    • MD5

      4ae4a4a268ccd36acffa1674ebbf910e

    • SHA1

      b3737ff0d2296a6e5b652af1a4a519f2b336295b

    • SHA256

      910716461ccde7774e637f214bc1de262dce0c371751a585ed1dcf84ee748faf

    • SHA512

      5c80f85cdeb634be6986131c974b7a400a6cbac4b33e0a9c0523b679df2fea821322d32c8cb1870d6ad07bb5d1e9c35123cd89724de1a6b359b252ecced567be

    • SSDEEP

      192:UL7yBcpRmejh/vFDXtLwZgCw5c4uvFMURQDWVVUF6:UHyBcpRjjh/NtLwZJwNsMUV46

    Score
    1/10
    behavioral25behavioral26

    • Target

      comet executor/Comet Executor/runtimes/win-arm64/native/WebView2Loader.dll

    • Size

      136KB

    • MD5

      d18bd21907b26ff857e739948eff1087

    • SHA1

      31f6151b66519613be658a9f174f829b3cb3de9f

    • SHA256

      cb561ae4537e39bba5dd8af1f648f189d9562b1003fd110a9e889ace527fb4e8

    • SHA512

      dd1b1655fb19bc34318d1d8464a8c3c5c050e074861ff22bbc6eee71c153cbace80558dbcbbf202556d7246bb345e26e92935758d8f516b6514c211c7cd76517

    • SSDEEP

      3072:/kP23RyMZbrLUnlZxMPm6OSxTVseEtJm8FDcT:MP2ByMZbXUHneEtJ3Fo

    Score
    1/10
    behavioral27behavioral28

    • Target

      comet executor/Comet Executor/runtimes/win-x64/native/WebView2Loader.dll

    • Size

      162KB

    • MD5

      c9a5d0f278d57d83a03404b8baeeac64

    • SHA1

      39d44b999c1d89c36136804a373d4d427bc7d679

    • SHA256

      462b36fd1be6ca9f7563466a89e57c41ef4a4def3e0a84fa885d203aea4a3aaf

    • SHA512

      97dfb08eae34624b7679a4bb07dee242b2a38324dc13b8aaec6de7f6fed477e9f9bc7474d4df9fbe907d1a460723db7177b7128a26edf5bd73d38d4d45722db6

    • SSDEEP

      3072:fXAne8TlTRTSpL1ThTNTRyMDjRb/hy75HGRtVBviiZsZ5AalCPTxiEtJx9eg8Xjm:/yTlTRTUL1ThTNTRyeLq1GRtVBvPZsrw

    Score
    1/10
    behavioral29

    • Target

      comet executor/Comet Executor/runtimes/win-x86/native/WebView2Loader.dll

    • Size

      113KB

    • MD5

      7254e511f7bbc49652079d1bb2c737f1

    • SHA1

      4992f889460da4c97f8f8c33634a0a2f1ce17b76

    • SHA256

      6f59ad578fde1f65c44b6935dab0901f014b5268e056b930fb34c0919f1bf4b9

    • SHA512

      5b40cd18b9b966dba1139befefa341977eebc23d288905d1529e319867ad73b471d9f2c85c6442f310afe981b01db0f01594775aec1a36e3e8fbfc21c8aba19f

    • SSDEEP

      3072:GeCt9WJtX8ri9f2+DP6zmDgqeNZPTLxEtJhAlC0Jf4fm3L:GT9WJtswdSzXVEtJ6Yq2m7

    Score
    3/10
    discovery
    behavioral30

MITRE ATT&CK Enterprise v15

Tasks