mimikatz | 6d4eb90e5ccaf6fe5a129ae6b1d84835bfbb500e2028420ff47e63c593b04ebc | Triage

Submit
Reports

Overview

overview

Static

static

2024-04-20...ya.exe

windows7-x64

2024-04-20...ya.exe

windows10-2004-x64

9

Sharing

General

Target

2024-04-20_31c8e3744f241a06e6c10507f70105fa_bad-rabbit_doublepulsar_eternalpetya_karagany_notpetya_petrwrap_petya
Size

618KB
Sample

240420-kbypdadb6y
MD5

31c8e3744f241a06e6c10507f70105fa
SHA1

78ab7672f6b24ca6f7cf236d0609ab90d252b372
SHA256

6d4eb90e5ccaf6fe5a129ae6b1d84835bfbb500e2028420ff47e63c593b04ebc
SHA512

40e04a5c2d9fa6042e43865aa1de61893a24cc563ca84bf31e5b5a65c58ca3c987513675f50c3d89638240013a787fc1f34f84a387e3e1e8476b29074b312fdd
SSDEEP

12288:Wn/X4NTS/x9jNG+w+9OqFoK323qdQYKU3ZuGOBqs8XIJ25h5pYi:sXATS/x9jNg+95vdQaZAssGlhE

Score

10^/10

mimikatz bootkit persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2024-04-20_31c8e3744f241a06e6c10507f70105fa_bad-rabbit_doublepulsar_eternalpetya_karagany_notpetya_petrwrap_petya.exe

Resource

win7-20240221-en

mimikatz bootkit persistence spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-20_31c8e3744f241a06e6c10507f70105fa_bad-rabbit_doublepulsar_eternalpetya_karagany_notpetya_petrwrap_petya.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-20_31c8e3744f241a06e6c10507f70105fa_bad-rabbit_doublepulsar_eternalpetya_karagany_notpetya_petrwrap_petya
- Size
  
  618KB
- MD5
  
  31c8e3744f241a06e6c10507f70105fa
- SHA1
  
  78ab7672f6b24ca6f7cf236d0609ab90d252b372
- SHA256
  
  6d4eb90e5ccaf6fe5a129ae6b1d84835bfbb500e2028420ff47e63c593b04ebc
- SHA512
  
  40e04a5c2d9fa6042e43865aa1de61893a24cc563ca84bf31e5b5a65c58ca3c987513675f50c3d89638240013a787fc1f34f84a387e3e1e8476b29074b312fdd
- SSDEEP
  
  12288:Wn/X4NTS/x9jNG+w+9OqFoK323qdQYKU3ZuGOBqs8XIJ25h5pYi:sXATS/x9jNg+95vdQaZAssGlhE
Score

10^/10

mimikatz bootkit persistence spyware stealer
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware
- Detects executables containing commands for clearing Windows Event Logs
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Pre-OS Boot

Bootkit

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mimikatzbootkitpersistencespywarestealer

behavioral2

© 2018-2025

Terms | Privacy