mimikatz | 6d4eb90e5ccaf6fe5a129ae6b1d84835bfbb500e2028420ff47e63c593b04ebc | Triage

Submit
Reports

Overview

overview

Static

static

2024-04-20...ya.exe

windows7-x64

2024-04-20...ya.exe

windows10-2004-x64

9

Sharing

General

Target

2024-04-20_31c8e3744f241a06e6c10507f70105fa_bad-rabbit_doublepulsar_eternalpetya_karagany_notpetya_petrwrap_petya
Size

618KB
Sample

240420-kbypdadb6y
MD5

31c8e3744f241a06e6c10507f70105fa
SHA1

78ab7672f6b24ca6f7cf236d0609ab90d252b372
SHA256

6d4eb90e5ccaf6fe5a129ae6b1d84835bfbb500e2028420ff47e63c593b04ebc
SHA512

40e04a5c2d9fa6042e43865aa1de61893a24cc563ca84bf31e5b5a65c58ca3c987513675f50c3d89638240013a787fc1f34f84a387e3e1e8476b29074b312fdd
SSDEEP

12288:Wn/X4NTS/x9jNG+w+9OqFoK323qdQYKU3ZuGOBqs8XIJ25h5pYi:sXATS/x9jNg+95vdQaZAssGlhE

Score

10^/10

mimikatz bootkit persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2024-04-20_31c8e3744f241a06e6c10507f70105fa_bad-rabbit_doublepulsar_eternalpetya_karagany_notpetya_petrwrap_petya.exe

Resource

win7-20240221-en

mimikatz bootkit persistence spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-20_31c8e3744f241a06e6c10507f70105fa_bad-rabbit_doublepulsar_eternalpetya_karagany_notpetya_petrwrap_petya.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-20_31c8e3744f241a06e6c10507f70105fa_bad-rabbit_doublepulsar_eternalpetya_karagany_notpetya_petrwrap_petya
- Size
  
  618KB
- MD5
  
  31c8e3744f241a06e6c10507f70105fa
- SHA1
  
  78ab7672f6b24ca6f7cf236d0609ab90d252b372
- SHA256
  
  6d4eb90e5ccaf6fe5a129ae6b1d84835bfbb500e2028420ff47e63c593b04ebc
- SHA512
  
  40e04a5c2d9fa6042e43865aa1de61893a24cc563ca84bf31e5b5a65c58ca3c987513675f50c3d89638240013a787fc1f34f84a387e3e1e8476b29074b312fdd
- SSDEEP
  
  12288:Wn/X4NTS/x9jNG+w+9OqFoK323qdQYKU3ZuGOBqs8XIJ25h5pYi:sXATS/x9jNg+95vdQaZAssGlhE
Score

10^/10

mimikatz bootkit persistence spyware stealer
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware
- Detects executables containing commands for clearing Windows Event Logs
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Pre-OS Boot

Bootkit

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mimikatzbootkitpersistencespywarestealer

behavioral2

© 2018-2024

Terms | Privacy