Behavioral task
behavioral1
Sample
2365ffb87d643fcdca1434bb291c2ef0cf54b3e6b4313788140edb0515df06f8N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2365ffb87d643fcdca1434bb291c2ef0cf54b3e6b4313788140edb0515df06f8N.exe
Resource
win10v2004-20240802-en
General
-
Target
2365ffb87d643fcdca1434bb291c2ef0cf54b3e6b4313788140edb0515df06f8N
-
Size
8.3MB
-
MD5
62a24423241a8c4fc882ff366ec0fa30
-
SHA1
618eabb9e8ce2bfbf7afff676ff53e4c8973ce09
-
SHA256
2365ffb87d643fcdca1434bb291c2ef0cf54b3e6b4313788140edb0515df06f8
-
SHA512
8e7bb38dd53104ea2fa6a41ac0bdd4e0c5b9fa522b5aef4d37935ce295fe6184eef78a1c86c4e9ed428a83ee958809e575e194872a90d73fc37c87b99b5e7a2b
-
SSDEEP
98304:YmBtyYXmknGzZr+HdO5SEPFtmOZ9G1Md5v/nZVnivsAl0eXTBJYa5roSCaa:I6mknGzwHdOgEPHd9BbX/nivPlTXTYr
Malware Config
Signatures
-
Mimikatz family
-
mimikatz is an open source tool to dump credentials on Windows 1 IoCs
Processes:
resource yara_rule sample mimikatz -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2365ffb87d643fcdca1434bb291c2ef0cf54b3e6b4313788140edb0515df06f8N -
NSIS installer 1 IoCs
Processes:
resource yara_rule sample nsis_installer_2
Files
-
2365ffb87d643fcdca1434bb291c2ef0cf54b3e6b4313788140edb0515df06f8N.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 756KB - Virtual size: 753KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 80KB - Virtual size: 311KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ