mimikatz | 29dab7bbcdd5eb4248eaac64bc0ef811bee3be6f852075f61259935d9141eb54 | Triage

Sharing

General

Target

29dab7bbcdd5eb4248eaac64bc0ef811bee3be6f852075f61259935d9141eb54
Size

7.2MB
MD5

41aa77b688a77ac5476a30088c71f202
SHA1

c01e169ffe3f57de2f3f3893203ebfce05ac5b93
SHA256

29dab7bbcdd5eb4248eaac64bc0ef811bee3be6f852075f61259935d9141eb54
SHA512

c7b8e331a4578824ae9e92067a2ebefa1758702b09d5db87e15908f7ecdc872f2865010573a7734745ac50751010a26ee03a3ec14204822b0066275b60ff3054
SSDEEP

98304:iTDRPn45mP6zULKVTZsDILXyY1KWOCvPcheC:iTDt5Z6NsDILXPKWOCvPy

Score

10^/10

themida mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
sample	mimikatz

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29dab7bbcdd5eb4248eaac64bc0ef811bee3be6f852075f61259935d9141eb54

Files

29dab7bbcdd5eb4248eaac64bc0ef811bee3be6f852075f61259935d9141eb54
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 868KB - Virtual size: 867KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE