mimikatz | e2ea7f9581a7e1386fc6601d1421e1194373c1c891f2d406de6d49810fcc7737 | Triage

Submit
Reports

Overview

overview

Static

static

e2ea7f9581...37.exe

windows7_x64

e2ea7f9581...37.exe

windows10-2004_x64

Sharing

General

Target

e2ea7f9581a7e1386fc6601d1421e1194373c1c891f2d406de6d49810fcc7737
Size

390KB
Sample

220520-glkzgsfgfr
MD5

b6cc1e4052f613e15a8b05439f5877b4
SHA1

9bb3cb5080ae18985d93a28faeca6ae06d768b21
SHA256

e2ea7f9581a7e1386fc6601d1421e1194373c1c891f2d406de6d49810fcc7737
SHA512

cd48f448cd355a1463ca090d8ad47100596e1ed1a1a771f26c672406669433e9d9d915268def0aad844511f65a3c69fbb3ab2e2dc610ecc0f66a8524a6a8ea73

Score

10^/10

mimikatz bootkit persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

e2ea7f9581a7e1386fc6601d1421e1194373c1c891f2d406de6d49810fcc7737.exe

Resource

win7-20220414-en

mimikatz bootkit persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e2ea7f9581a7e1386fc6601d1421e1194373c1c891f2d406de6d49810fcc7737.exe

Resource

win10v2004-20220414-en

mimikatz bootkit persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e2ea7f9581a7e1386fc6601d1421e1194373c1c891f2d406de6d49810fcc7737
- Size
  
  390KB
- MD5
  
  b6cc1e4052f613e15a8b05439f5877b4
- SHA1
  
  9bb3cb5080ae18985d93a28faeca6ae06d768b21
- SHA256
  
  e2ea7f9581a7e1386fc6601d1421e1194373c1c891f2d406de6d49810fcc7737
- SHA512
  
  cd48f448cd355a1463ca090d8ad47100596e1ed1a1a771f26c672406669433e9d9d915268def0aad844511f65a3c69fbb3ab2e2dc610ecc0f66a8524a6a8ea73
Score

10^/10

mimikatz bootkit persistence spyware stealer
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Bootkit

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mimikatzbootkitpersistencespywarestealer

behavioral2

mimikatzbootkitpersistence

© 2018-2024

Terms | Privacy