mimikatz | lab3[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

lab3.exe
Size

1.2MB
MD5

d81fa178fd709c56ceda83381afdc976
SHA1

731e57a48af5e9e6ac0dec849a3dc2ac68678c79
SHA256

37ee77b8cd5b859dc41f1f836c45995e62af890aeccb1a3fc13f89d95251cdc8
SHA512

a2f7554a595e02ef6adee80e6d3ffda31c65adfe39aec618999c348f62f868daede5d64983449392af8501bc35a96ea300f04d4010a85d9068e70cd876a375d9
SSDEEP

24576:nUKHPoUwWXcUDLLClqpZ3FUax3dJ3CexE66A8K13D:nUebCKBB3rSexE66V

Score

10^/10

mimikatz metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.1.228:4444

Signatures

Metasploit family
metasploit
Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
sample	mimikatz

Files

lab3.exe
.exe windows x86

cc8d075af0c07c7eca8a095576a55f02

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
calloc
free
fwrite
memcpy
signal
vfprintf

user32

MessageBoxA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 96B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 169B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 209B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

cc8d075af0c07c7eca8a095576a55f02

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 368B

.rdata Size: 512B - Virtual size: 320B

/4 Size: 1024B - Virtual size: 928B

.bss Size: - Virtual size: 96B

.idata Size: 1024B - Virtual size: 936B

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

/14 Size: 512B - Virtual size: 24B

/29 Size: 3KB - Virtual size: 3KB

/41 Size: 512B - Virtual size: 169B

/55 Size: 512B - Virtual size: 209B

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 368B

.rdata
Size: 512B - Virtual size: 320B

/4
Size: 1024B - Virtual size: 928B

.bss
Size: - Virtual size: 96B

.idata
Size: 1024B - Virtual size: 936B

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

/14
Size: 512B - Virtual size: 24B

/29
Size: 3KB - Virtual size: 3KB

/41
Size: 512B - Virtual size: 169B

/55
Size: 512B - Virtual size: 209B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB