mimikatz | NEAS[.]3410a5556d2cca36a9afecb34c26f160[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3410a5556d2cca36a9afecb34c26f160.exe
Size

2.3MB
MD5

3410a5556d2cca36a9afecb34c26f160
SHA1

93567d1ecc9d0f66b03971d14da87336319aae52
SHA256

6e63f23699fd8d52e51904e8cffd57cdeb0e50aa317c4b04943b7e6d180b97da
SHA512

ce066ea72c14dec35ac7d9b3c952f5487e1b83c332fce410ec769a949a501c8b73de9dbc5c4065ca13d3a7ea48e2f93fa5c6dfbeccbe86875fcd0c0de8518e6e
SSDEEP

24576:HT2NVvDprLd8fJTu7iSZ8iUoVLhyQWg0y+WoZjYC9KmoIfDfZ2jXu+tLwRdhnfCl:uhqJQCiUoVLh6g0y+/+40L4w

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
sample	mimikatz

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3410a5556d2cca36a9afecb34c26f160.exe

Files

NEAS.3410a5556d2cca36a9afecb34c26f160.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 931KB - Virtual size: 931KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.enigma1
Size: 188KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE