mimikatz | 6474d62fcf22b0ccbce94b6f31ccfd9b397dd9c64757eea34732e6281a86fc18 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6474d62fcf22b0ccbce94b6f31ccfd9b397dd9c64757eea34732e6281a86fc18
Size

7.0MB
MD5

7582d3d3aaaafd0f1a878631fb8fcd4e
SHA1

7d5cac5dcd88acc9ffc57109274307a9bb328073
SHA256

6474d62fcf22b0ccbce94b6f31ccfd9b397dd9c64757eea34732e6281a86fc18
SHA512

b45ab6a1e8a95eb7254e9c3ca588e44ed6ddc4d796df5869da3fe79f25118326463ea8e8d064cc4707f5e3e0b9f1dd9bfc4834c1a9576211850b7cdb27ffc1f0
SSDEEP

49152:UJawb+G+PIB6SkKqmr18412qxuPs8xzHfMppZwaYEbKA7KE/n5HzsjcltT25VITj:UTDRP9gr/8DBn5HzKKhoDxp+Qnsh

Score

10^/10

themida mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
sample	mimikatz

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6474d62fcf22b0ccbce94b6f31ccfd9b397dd9c64757eea34732e6281a86fc18

Files

6474d62fcf22b0ccbce94b6f31ccfd9b397dd9c64757eea34732e6281a86fc18
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 868KB - Virtual size: 867KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE