Behavioral task
behavioral1
Sample
5720aa0b57f92a1e04497aa8a4284030_hacktools_icedid_mimikatz_JC.exe
Resource
win7-20230712-en
General
-
Target
5720aa0b57f92a1e04497aa8a4284030_hacktools_icedid_mimikatz_JC.exe
-
Size
6.9MB
-
MD5
5720aa0b57f92a1e04497aa8a4284030
-
SHA1
91075ab56431b05bc07de332302ebed63a9553aa
-
SHA256
6cf60fe81c180a1c8eb1b1edfa9d99ea94f62c838d661c4bb7388357472f10d8
-
SHA512
e0f6fdb002bc66a0c870e1f6084c9064889dac024d63626aac3e0b6877abcdeaf2cdb871dfc347c15379366d2a10385b1549c1d90ceac879a38b0e7d76120cc0
-
SSDEEP
196608:ylTPemknGzwHdOgEPHd9BYX/nivPlTXTYP:a3jz0E52/iv1
Malware Config
Signatures
-
Mimikatz family
-
mimikatz is an open source tool to dump credentials on Windows 1 IoCs
resource yara_rule sample mimikatz -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5720aa0b57f92a1e04497aa8a4284030_hacktools_icedid_mimikatz_JC.exe -
NSIS installer 1 IoCs
resource yara_rule sample nsis_installer_2
Files
-
5720aa0b57f92a1e04497aa8a4284030_hacktools_icedid_mimikatz_JC.exe.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 740KB - Virtual size: 738KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 295KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ