mimikatz

General

Target

New.7z
Size

1.3MB
Sample

240611-v35bcavdmb
MD5

4a0669dd1287f85e595dd08755ba039d
SHA1

b04919cc21e958db088a79b125f9bb967ba3607c
SHA256

b2a9d9fa76e0d276d2a9ee93a0cd32a7796ffa5c5481dba57c89c0590fb61d09
SHA512

2cd1ceba87fe33fdacf6a9e3cbd868dff07088751c01e7e0548733318f70028d8c3051ab0ab8dc7614e685b1d78106fcb77f95e69153fd289f5cd39938acf8d4
SSDEEP

24576:TjnByrJ9Y9rJ/p65savb6Xzzq6FG4qglM3cfEFjxpKgo9lfKR:/Bu9+9/p66avbGq0LqwAcfEJ94KR

Score

10^/10

Malware Config

Targets

- Target
  
  New/3mm.exe
- Size
  
  1009KB
- MD5
  
  a38109846c85c59384c9b71ef67f655d
- SHA1
  
  211f659b70bf4abd6be8b742e156cc6d5c1d9e43
- SHA256
  
  05b5a1a5354201eb02051a8555a63d82e98766798f5739111c454103ca2599bb
- SHA512
  
  adc11e5871df6db8f5921ef803865a4611bc274bfef308a524cc7d00e9f4e81d2047ff984a90a6dc752c506246fc9ae141409c685e79d83185c577126729a19a
- SSDEEP
  
  24576:Ld9Mrf7iaNVxowiTsJvJkI65s0o5bJQAoDy:ByTeFwWsJxkI660o5roW
Score

10^/10

mimikatz
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
behavioral1
- Target
  
  New/6mm.exe
- Size
  
  1.1MB
- MD5
  
  bceaadd320aaa1bc88b2e670b6ea4e16
- SHA1
  
  8cb2d9312eb4c8beea071f692b55c5f1a2a38fea
- SHA256
  
  417c70e912ee8b64ae8ace9044c5ce86f5679b38dc87cb6934c7fdb11d4b0632
- SHA512
  
  71938de64075cb5aaad692529c7aea612ada995c11d71b8e917a703b416b68d643628e1e5aba89c3a0e58f3ce5b5e31cdefa179227d2340ce2425b0e557c979d
- SSDEEP
  
  24576:Ld9Mrf7iaNVxowuT2hn4VXlM0fDfJN0KfMrw:ByTeFw6W4V11fDfvurw
Score

10^/10

mimikatz
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
behavioral2
- Target
  
  New/dgbw.exe
- Size
  
  570KB
- MD5
  
  d6ead5d81986e9e21984c4ee8df32183
- SHA1
  
  7eb429ce51bf900f0ef4aa589cf8a789b6a4792a
- SHA256
  
  acad5da56a5e89b288e11f39789d7583c07972bc5253bcdcea96cb020b703474
- SHA512
  
  13aba25679b8e3fe1b96ba94262d6afaa57f8554f7dc31e4643a417545ef292537e7e09cc5ec4c5c0c418b3057009eabfee00c5cf89d0a0354be2a7ff484f0be
- SSDEEP
  
  12288:LQM9bROJmafSPZDz7qElw2KxPo0q7qzC9b/uEvtHKYTsviIR8Cufe9ZqQwExr//M:Ld9Mrf7iaNVxowsTNkw
Score

7^/10
- Executes dropped EXE
- Drops file in System32 directory
behavioral3
- Target
  
  New/dggw.exe
- Size
  
  570KB
- MD5
  
  bb5e489728d77d8d98792ef21634f6a6
- SHA1
  
  96e5834b313a41173f156d3a09bb1a4b3595233a
- SHA256
  
  cfcdfdff42246ab34c0f8a8ca746dc47ddb3cb757a23dd0a4c1fda5cdbc67cd8
- SHA512
  
  6888b567193ff358ea9f3add80bae4c0bbc981e6f91294ac0a8277718fc7d52f94d45d288498c3d42a554d24b935f9e614733bf9adb011ff9a307315e67d2411
- SSDEEP
  
  12288:LQM9bROJmafSPZDz7qElw2KxPo0q7qzC9b/uEvtHKYTsviIR8Cufe9ZqQwExr//b:Ld9Mrf7iaNVxowtTW0
Score

8^/10

evasion execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Drops file in System32 directory
behavioral4
- Target
  
  New/vm-uw.exe
- Size
  
  566KB
- MD5
  
  78c6129bfd81f88cfb7171caf2d386a1
- SHA1
  
  f626224572dea0bc2983e3b3986bd1c1af5533ce
- SHA256
  
  aa1ad7c508d497292d1e017b946cc381be204bd641543bcf584da286eb6f685f
- SHA512
  
  38d0f61a25f015ad149765ced45ab81591ec02f9fe290c1560db9f53f9b7e6edc371eaebbcc54156006e63fe323b976bf560b9db69328f5ffe0fd9b734a9717b
- SSDEEP
  
  12288:LQM9bROJmafSPZDz7qElw2KxPo0q7qzC9b/uEvtHKYTsviIR8Cufe9ZqQwExr//R:Ld9Mrf7iaNVxowGT/M
Score

7^/10
- Executes dropped EXE
behavioral5