General

  • Target

    exec_ap.exe

  • Size

    3.9MB

  • Sample

    220423-h8ydrsfbfp

  • MD5

    37130df0dc6057afaf677c2907eebdb4

  • SHA1

    75caff36d1115049d605f91a651bf0f8479118cc

  • SHA256

    08c11a4d6f275b0a5b57871c8d02097ec77019215ef66fb4e73dc7c29cf6833c

  • SHA512

    357185b2e36508485329a13792a9741ea5040db09b482e6ce10a67581f982883df79b0367a53bb8fcc2574fcdf2dddb97ced0303dfd72a1ee670182bf8001274

Score
10/10

Malware Config

Targets

    • Mimikatz

      Mimikatz is an open-source tool used to dump credentials on Windows.

    • TA505

      Cybercrime group active since 2015, responsible for families like Dridex and Locky.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks