mimikatz | McKatz[.]exe

General

Target

McKatz.exe
Size

590KB
MD5

cb3be917afffb11eb2ba766e96c4bed3
SHA1

b3e84069ca4ec9eb41ba0630d46b4d66ebacf2f3
SHA256

7022048b86f3189691d41e71066fdea319c4f880fc7700943519937ef25106ce
SHA512

06a92405bd784ce3cc0dc439fc378b9dca5cedc55a08d9aca923d9dfd3421b4998c72244402a990dc45deb7c1729d404f20451973ebf13b608a86ec7ee6c61ae
SSDEEP

12288:6wOlen7r4FgrWXt8LolVx/YRwu1WtH+QjWf2/JFY2C:kAYOr0KSVx/yGH+QjWCFY

Score

10^/10

upx mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	mimikatz

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
McKatz.exe
unpack001/out.upx

Files

McKatz.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 792KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 425KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 636KB - Virtual size: 635KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 792KB

UPX1 Size: 425KB - Virtual size: 428KB

.rsrc Size: 164KB - Virtual size: 164KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 636KB - Virtual size: 635KB

.rdata Size: 335KB - Virtual size: 334KB

.data Size: 21KB - Virtual size: 28KB

.pdata Size: 23KB - Virtual size: 22KB

.rsrc Size: 162KB - Virtual size: 161KB

.reloc Size: 6KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 792KB

UPX1
Size: 425KB - Virtual size: 428KB

.rsrc
Size: 164KB - Virtual size: 164KB

.text
Size: 636KB - Virtual size: 635KB

.rdata
Size: 335KB - Virtual size: 334KB

.data
Size: 21KB - Virtual size: 28KB

.pdata
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 162KB - Virtual size: 161KB

.reloc
Size: 6KB - Virtual size: 5KB