mimikatz | bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc

General

Target

bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc
Size

21KB
MD5

7ac32384b1401d9be5a1822df841d23d
SHA1

88926d7da2c30791dbc555b9cfd7622089df0172
SHA256

bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc
SHA512

92d8c2613df07670817695657bb3c0e8169f81a9706d42a341de2b3aa2645fe0d879b48cdc2cc2c852a2139a0bf87f8131628e67d5a04bd762f68b1dbf1a18e4
SSDEEP

384:sJshczEHvm1LCieXp1DRoBLLoRvK3V7m6sTsWtttOa/CchYlWiy:spzEHvypF0Z+V7rsTsitZ/CchYla

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz
mimikatz is an open source tool to dump credentials on Windows 1 IoCs

Processes:

resource yara_rule

sample mimikatz

resource	yara_rule
sample	mimikatz

Files

bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc
.dll windows x86

5fb9170191537a3476f88c308b72602c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CreateRestrictedToken
CreateProcessAsUserW
ConvertSidToStringSidA
IsTextUnicode
OpenProcessToken

ntdll

RtlFreeUnicodeString
RtlStringFromGUID
RtlEqualString

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
CloseHandle
LoadLibraryW
GetProcAddress
LocalAlloc
LocalFree
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetSystemTimeAsFileTime

msvcrt

_wfopen
fclose
vfwprintf
fflush
memset
_XcptFilter
malloc
_initterm
_amsg_exit
free

Exports

Exports

ExtensionApiVersion
InitializeChangeNotify
PasswordChangeNotify
SpLsaModeInitialize
WinDbgExtensionDllInit
mimikatz
startW

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fb9170191537a3476f88c308b72602c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ntdll

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB