mimikatz | 9635645285[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

9635645285.zip
Size

10.1MB
MD5

1f5fa4a51558f3a8592f22c5bc37e863
SHA1

90a45a3acd1cbba62ef1c743cb57cf7a87f5f14a
SHA256

b5ddb13a397596ff8ca1e6f3a3c3df5ba490486cbb33afedd1a5e7ff6e4ebec2
SHA512

b2fa8614efc86fb84a97ab59c4b2f2e53aeb90a8d0e32e29c3e032eec0230fa83c13be026da7a83f4c636785af6a7707031e531b811b17c24f194379c843b7de
SSDEEP

196608:HAd7YPxM2y9YtCH1sEN5+zCD9RUr8e1512A8ULzzdbQoPBpCEey3RLb:gOxBEYtGsEH+zCD9Ri12gLHdESpC5An

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/084a81881745038f4fa7227b92aed4a0ad3603d1063cfc100f0adffbfc55eef2	mimikatz

Files

9635645285.zip
.zip

Password: infected
084a81881745038f4fa7227b92aed4a0ad3603d1063cfc100f0adffbfc55eef2
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata2
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
25f38c1ea9b72f30be7df57ee6c0a358de7c23d59c2a0dd5f9c8c787c863abbd
.exe windows x86

299ee7793f8ecb133e780d5a96f77900

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shell32

ShellExecuteA

ws2_32

recvfrom

wldap32

ord32

ole32

CoUninitialize

oleaut32

VariantInit

wininet

InternetOpenA

user32

MessageBoxA

advapi32

ReportEventA

Sections

.MPRESS1
Size: 1.7MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
65a67ae4ac7290dbdba5832de2128461f68d6b5f37321bc2c4f82087342728b4
.jar
d7ab78ce470e7e7f745d06f364a88c3e8b04cc649324380497d9faf4aa93c009
.exe windows x86

d9362ccf7828b415b9cc03e731a349f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shell32

ShellExecuteA

ws2_32

listen

wldap32

ord79

ole32

CoUninitialize

oleaut32

SysFreeString

user32

MessageBoxA

advapi32

ReportEventA

Sections

.MPRESS1
Size: 2.4MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77
.exe windows x86

d9362ccf7828b415b9cc03e731a349f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shell32

ShellExecuteA

ws2_32

listen

wldap32

ord79

ole32

CoUninitialize

oleaut32

SysFreeString

user32

MessageBoxA

advapi32

ReportEventA

Sections

.MPRESS1
Size: 2.5MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.MPRESS1 Size: 7.3MB - Virtual size: 7.3MB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.idata2 Size: 4KB - Virtual size: 8KB

299ee7793f8ecb133e780d5a96f77900

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ws2_32

wldap32

ole32

oleaut32

wininet

user32

advapi32

Sections

.MPRESS1 Size: 1.7MB - Virtual size: 5.2MB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

d9362ccf7828b415b9cc03e731a349f8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ws2_32

wldap32

ole32

oleaut32

user32

advapi32

Sections

.MPRESS1 Size: 2.4MB - Virtual size: 7.2MB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

d9362ccf7828b415b9cc03e731a349f8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ws2_32

wldap32

ole32

oleaut32

user32

advapi32

Sections

.MPRESS1 Size: 2.5MB - Virtual size: 7.4MB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

.MPRESS1
Size: 7.3MB - Virtual size: 7.3MB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.idata2
Size: 4KB - Virtual size: 8KB

.MPRESS1
Size: 1.7MB - Virtual size: 5.2MB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.MPRESS1
Size: 2.4MB - Virtual size: 7.2MB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB

.MPRESS1
Size: 2.5MB - Virtual size: 7.4MB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB