mimikatz | A51B45A29E26454F8E09850CC9D3B97A[.]7z | Triage

Sharing

General

Target

A51B45A29E26454F8E09850CC9D3B97A.7z
Size

15.6MB
MD5

d74e2fa470baaf65c46933808ad611d2
SHA1

23c283898e683ffcfc356e63e87da14beb6fce4d
SHA256

aa3cd537d7861eb5d1a5e17bda3259ad11155290c363b6cf7b32819d0b78ba3a
SHA512

9681c9e145560157a387d3408e625a3cf9eb94d9822217a4985eea44fc78d6a24f5e63cf801ad3541f23a0b572fd70f5051a26ad0b89e0e1b3501a1846a70be4
SSDEEP

393216:+Q7zTf+94JR1t3Y89bLFwCDbKDq5Ci7znZ0z9D+:fTfLTx9bLFwLqX0t+

Score

10^/10

mimikatz privateloader

Malware Config

Signatures

Mimikatz family
mimikatz
Privateloader family
privateloader

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
static1/unpack001/A51B45A29E26454F8E09850CC9D3B97A.MAL_decrypted	mimikatz

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/A51B45A29E26454F8E09850CC9D3B97A.MAL_decrypted

Files

A51B45A29E26454F8E09850CC9D3B97A.7z
.7z

Password: infected
A51B45A29E26454F8E09850CC9D3B97A.MAL_decrypted
.exe windows:6 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ