mimikatz

Sharing

Copy URL

Twitter E-mail

General

Target

9635645285.zip
Size

10.1MB
Sample

230323-lsajjsgg5t
MD5

1f5fa4a51558f3a8592f22c5bc37e863
SHA1

90a45a3acd1cbba62ef1c743cb57cf7a87f5f14a
SHA256

b5ddb13a397596ff8ca1e6f3a3c3df5ba490486cbb33afedd1a5e7ff6e4ebec2
SHA512

b2fa8614efc86fb84a97ab59c4b2f2e53aeb90a8d0e32e29c3e032eec0230fa83c13be026da7a83f4c636785af6a7707031e531b811b17c24f194379c843b7de
SSDEEP

196608:HAd7YPxM2y9YtCH1sEN5+zCD9RUr8e1512A8ULzzdbQoPBpCEey3RLb:gOxBEYtGsEH+zCD9Ri12gLHdESpC5An

Score

10^/10

Malware Config

Targets

- Target
  
  084a81881745038f4fa7227b92aed4a0ad3603d1063cfc100f0adffbfc55eef2
- Size
  
  7.3MB
- MD5
  
  6dfe46bc554b47ff0c3c1d4cd665d99c
- SHA1
  
  5b2956bcffc02f0358bc6852deb9ddea544a8f5e
- SHA256
  
  084a81881745038f4fa7227b92aed4a0ad3603d1063cfc100f0adffbfc55eef2
- SHA512
  
  a89325675d310ca02ca7fe10e4b7f5735fea5460ad50a8352e45bd8108f8f3ff13a5a2d855da2f3314c8197d32fc32acba4062817cd8570b6e4570bc30430a48
- SSDEEP
  
  98304:E5MLb3a7p2HhNDRtSZG+EDvDgYmA30k3OxldOzmZJmXZxqw8fFI:p/3m2ioHmAkFldtZ4c
Score

10^/10

mimikatz spyware stealer discovery
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  25f38c1ea9b72f30be7df57ee6c0a358de7c23d59c2a0dd5f9c8c787c863abbd
- Size
  
  1.7MB
- MD5
  
  58d30af5992e33b351293b23ce97724f
- SHA1
  
  22e8cd9c08037ea925d57355c4ae142490688bb9
- SHA256
  
  25f38c1ea9b72f30be7df57ee6c0a358de7c23d59c2a0dd5f9c8c787c863abbd
- SHA512
  
  e3c5034f07d85a4cf4f3de8314fb332ebdab3ed5e6058340951bf3482cd03ee2ceb42817bc2fcb8d12c3a5becdb52896d7bd8ff72c8c978034626cc7fd93244d
- SSDEEP
  
  49152:BRoNt5F+/BocHmdgcmPH8fKr1HbYObrTTAj/unm0yJk:DoNt5E/BoC6gcCcfKtjfnvkk
Score

10^/10

satancryptor ransomware spyware stealer discovery
- SatanCryptor
  Golang ransomware first seen in early 2020.
  ransomware satancryptor
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4
- Target
  
  65a67ae4ac7290dbdba5832de2128461f68d6b5f37321bc2c4f82087342728b4
- Size
  
  10KB
- MD5
  
  f219bb6ccf4a89188d64165885e004b1
- SHA1
  
  331359c7e8be8e663d1f61915cf91c45de7a9a92
- SHA256
  
  65a67ae4ac7290dbdba5832de2128461f68d6b5f37321bc2c4f82087342728b4
- SHA512
  
  c3d2efaea98e1774d397aa5aa1686368486a5ab7e17be3a9a89f0283b261ed49448602905cd956ed167aec2115e33dcda631f60db17630e69511e640ad210e56
- SSDEEP
  
  192:wIHcOQU7ew9YTy4kQDj9IXT+6dGBlX6tQtkhLjf938DmX6Mw46gYjvbxaBM27Q:qzw9YTmU9IXy9QX1j1gmX6CrMVR
Score

1^/10
behavioral5 behavioral6
- Target
  
  d7ab78ce470e7e7f745d06f364a88c3e8b04cc649324380497d9faf4aa93c009
- Size
  
  2.4MB
- MD5
  
  8c8ca1dd0b7bb17a816c18cce18cdbc6
- SHA1
  
  406792efceec8edeb465227a5d5507e6bfc3b3d1
- SHA256
  
  d7ab78ce470e7e7f745d06f364a88c3e8b04cc649324380497d9faf4aa93c009
- SHA512
  
  2d6ce9b5d075f229566ccdad985994fe4676cea9bdc6191aa5d0f20b759855018dce6697fe5e23766b4e3f529aaf872aeebee44d3fe0eca3175f75644f314c6f
- SSDEEP
  
  49152:qI34DIE80rBX6nfweEfSdOlyAnGnP2vr8Ax1i22:qg09+EsORr8Ax52
Score

10^/10

mimikatz discovery
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77
- Size
  
  2.5MB
- MD5
  
  24bf2e26a150df152869e417ada736d2
- SHA1
  
  a223e18c6eac313aa9628e4e7bf728b43ab2a62d
- SHA256
  
  daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77
- SHA512
  
  04316d03bb9916466108d753f0b7e39ee8549912c30302d02b548b8e197c743e040487465a4066daf111ca160f92b94cc176489153e5fdcb120beba53ec15198
- SSDEEP
  
  49152:YXsg6HyTsafBrK+RY2sEBvu/kRJVWqkJirCz/3Ng1DG95Sggsm:msgPppiWvu/yJVZ4irIPNg1DGtgV
Score

10^/10

mimikatz discovery spyware stealer
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Network Service Scanning

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

mimikatz is an open source tool to dump credentials on Windows

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Creates a large amount of network flows

Enumerates connected drives

Drops file in System32 directory

SatanCryptor

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

Creates a large amount of network flows

Enumerates connected drives

Mimikatz

mimikatz is an open source tool to dump credentials on Windows

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Creates a large amount of network flows

Drops file in System32 directory

Mimikatz

mimikatz is an open source tool to dump credentials on Windows

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Creates a large amount of network flows

Enumerates connected drives

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10