Overview

overview

10

Static

static

10

Win32/kappfree.dll

windows7-x64

3

Win32/kappfree.dll

windows10-2004-x64

3

Win32/kelloworld.dll

windows7-x64

3

Win32/kelloworld.dll

windows10-2004-x64

3

Win32/klock.dll

windows7-x64

3

Win32/klock.dll

windows10-2004-x64

3

Win32/mimikatz.exe

windows7-x64

3

Win32/mimikatz.exe

windows10-2004-x64

3

Win32/mimikatz.sys

windows7-x64

10

Win32/mimikatz.sys

windows10-2004-x64

10

Win32/sekurlsa.dll

windows7-x64

3

Win32/sekurlsa.dll

windows10-2004-x64

3

tools/PsExec.exe

windows7-x64

3

tools/PsExec.exe

windows10-2004-x64

3

tools/tee.exe

windows7-x64

1

tools/tee.exe

windows10-2004-x64

3

tools/winmine.exe

windows7-x64

3

tools/winmine.exe

windows10-2004-x64

3

x64/kappfree.dll

windows7-x64

1

x64/kappfree.dll

windows10-2004-x64

1

x64/kelloworld.dll

windows7-x64

1

x64/kelloworld.dll

windows10-2004-x64

1

x64/klock.dll

windows7-x64

1

x64/klock.dll

windows10-2004-x64

1

x64/mimikatz.exe

windows7-x64

1

x64/mimikatz.exe

windows10-2004-x64

1

x64/mimikatz.sys

windows7-x64

10

x64/mimikatz.sys

windows10-2004-x64

10

x64/sekurlsa.dll

windows7-x64

1

x64/sekurlsa.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    51535b1784d6ef85ddb949730111be95_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241017-j3k2xsyhkf

  • MD5

    51535b1784d6ef85ddb949730111be95

  • SHA1

    96d8707ed79932a4c6d810df21079855f24a3f71

  • SHA256

    9ed0f409e7fb369f83c3aeaad4085a2146778faed15d421734aa13fe22cf7ee4

  • SHA512

    6d302d4910461636936c4d225011245ac8dbafd114035b6df148f7a7e422f0e1f96e11d70575ed277c90d5d714bfe39b0e9d045439187c891168ce4ca90bfc6c

  • SSDEEP

    24576:tk1C2eXGJqbre8CnmYtVIhD6UedDXhq6/KFkewQJfgx:a1CrGEby8WHDDXhkCx

Score
10/10
mimikatzdiscovery

Malware Config

Targets

    • Target

      Win32/kappfree.dll

    • Size

      39KB

    • MD5

      721bf90a8f6af6ad625ca73aef33bd00

    • SHA1

      c45a39ee2de977da9049decd78974a5e236dec73

    • SHA256

      be27045e328ccfa3909e5a40da1137fc04f8553ba57c27ab20dbcc1bf1264a36

    • SHA512

      98617c4eca2affff16b446be26a2869f67d2ce69c625bdfd5bd500c3692684ba2471454a54f2a6236e47c65c8a3a18af6894015bb3a0e1961ebaa6226693d888

    • SSDEEP

      768:3qztn7AiVlRghLBmnTED0kvU8hCbg4+zVH5cDzN1:3qt3Ro+D8IbD+zJ5cDzN1

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      Win32/kelloworld.dll

    • Size

      96KB

    • MD5

      1cb4b222cd02510c91b98fbf313cb04f

    • SHA1

      e69ba5b34ae745f7093bcf03cea58ba82b3c3637

    • SHA256

      be0661c8a03d0124a71ee77bdbca59a759b9711925baedfccb486b1125fa7727

    • SHA512

      5a98fe19c66214870251d288056b0802c7a18a6965307a9f0709c807c725e74acdb2c096f3c277dee4d1fb4db2cbca1ba0b65a7d12f0dd73d378c6f797ea76c7

    • SSDEEP

      1536:2t8gjcXNm7olKtLVV2lFWhL9ihOGWYuXatxY6bRhHmrD+zJ5BWW:2t8gjcXYrtLVaFWLEeYuqtxDbRhHmudR

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      Win32/klock.dll

    • Size

      135KB

    • MD5

      d4849f4998f89f478e903c2cb37ae165

    • SHA1

      bf49e7bce5fd0c3e439f297eedb5c54fe70f3e0b

    • SHA256

      b7a841b7ce840000bc122b563b23264ea50779e2646f747e5f639de8b87d93ac

    • SHA512

      629183a61f0b0f4cca8206048595de14d6e3b692758e07c9de53b68bc8b293f440adf11c0db94037078cfb3dd2b102f588f5e4aa8939118372da93028e426e47

    • SSDEEP

      3072:MSd6MJMBY4FRDK7woCOSXpk9O5LYvKotEkRmAa80d4G:YMJMC4LDowk9O5syUEkgDdD

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      Win32/mimikatz.exe

    • Size

      399KB

    • MD5

      1515f376964ae2289491ec21a1934f8b

    • SHA1

      54b5b8d9eb53bb6146d9fc891225bdd8392d6ca3

    • SHA256

      bd5665b76a6b6d12a6017fc14f2b35cbf68b3bd4208ed75fd4a10c8305adbe1a

    • SHA512

      9e25a7f48d9d0d6e70ecc4682cb743e3887fc6cf8a65fc0ea51b86ff45e948c8f89179875c9f56088570493fba73cad5c00f3e53715f58df90c7927b6153cb29

    • SSDEEP

      6144:g5CnATf5TLg7qal6kiOA9NNj11BVoBHilBbQx5/X/Kd7:yTxTU7N0OA9T1HVoBHilBbyXCV

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      Win32/mimikatz.sys

    • Size

      24KB

    • MD5

      d35240aef54b69c2bb5c9484cd61f37e

    • SHA1

      6d4203dbddfb89654ea41e44b03b66d05f178a14

    • SHA256

      4b617b1857645ec79b36086e2aff00dd010c14b6ebdd05718bc1a645dd2d0768

    • SHA512

      0f720e185a4e61752c3bd07179411f37e6dc463fb69484669bd841905732ea2fb4292b997619cac42104bfd746e1e3c3a1146e3eaf3ab855989338adaaa2fe4d

    • SSDEEP

      384:v0cjt6CvnrHAXszaGH/DMYFUi9DnbR7yzPFe++m8pK5+znVYEH9dUb+o7BoLms:NtdrH4QfByJedmg4+zVHkio7BoLms

    Score
    10/10
    mimikatz

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

      mimikatz

    • mimikatz is an open source tool to dump credentials on Windows

    behavioral10behavioral9

    • Target

      Win32/sekurlsa.dll

    • Size

      181KB

    • MD5

      fe14a89944e3101bfa239804ba5bac6b

    • SHA1

      e77d23677dba1475e6d73bce2172dfce1db80d86

    • SHA256

      e19885a0be06aa291b291ed75fe218ecc29ffb16ed8e0603ede4a13e439e9d9f

    • SHA512

      325d4fbdd4de18b11f732cca2a91260a8eff4eae21a842e1b71708761b0a06dd84a7ebbea7b8bad5321fe1ddd815ce9b4cf291f99aafd785af7a57827963d4f2

    • SSDEEP

      3072:WloA6Hnre5cnbi53RviYWCEzkbOmpJJBS05nOXEgf92Cb2VaDO1hEdG:dA6HMMbi5BiTkbOm5nO39/FDdG

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      tools/PsExec.exe

    • Size

      372KB

    • MD5

      aeee996fd3484f28e5cd85fe26b6bdcd

    • SHA1

      cd23b7c9e0edef184930bc8e0ca2264f0608bcb3

    • SHA256

      f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5

    • SHA512

      e7c0b64ca5933c301f46dc3b3fd095bcc48011d8741896571bf93af909f54a6b21096d5f66b4900020dcaece6ab9b0e1d1c65791b8b5943d2e4d5bab28340e6f

    • SSDEEP

      6144:xytTHoerLyksdxFPSWaNJaS1I1f4ogQs/LT7Z2Swc0IZCYA+l82:x6TH9F8bPSHDogQsTJJJK+l82

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      tools/tee.exe

    • Size

      16KB

    • MD5

      d4c1422782c424c586c2524176bcd492

    • SHA1

      054c04d341152311d40aaab4049e6c2c26646b3a

    • SHA256

      1dc4c406ca27d0c46282c2b824a3a3e8a0c94e0e279c6361d6e1a64844680ee2

    • SHA512

      403e88781ed659697012b9ca7107909ac8069ee1927e52aceacac4a201309768e195ecd40e650a461ca095e4054f29d34f93908e697e9896e384382f6fd27794

    • SSDEEP

      384:74sf2ojtD7jcYCA00Z2tmQl8m0neck4fJ4LQO+R:ksO6gVAHLQl37c1J4LQd

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      tools/winmine.exe

    • Size

      117KB

    • MD5

      ea682c022f7204cc8e8c9ef5dce29356

    • SHA1

      a385daea4c367c3c6c55cff139d5f82875515377

    • SHA256

      89bd67086e92d34ae878865ca90cd8952c65c7a651f42b4d3c7a38d13013f33a

    • SHA512

      039719710c7c369f431e9de9cf5719f2d77a5e35f9575b0903c41f2cdd6e42e95c615f64804d4a441ba0742ec504ad2817206428aee7f3d0b9fd2fce0dc60e75

    • SSDEEP

      1536:m/ISYgJe1k9Fixyh/ygDEAG83MXonzq5yk0N6T4nW/X3I+s055OaAZ6Jqe+dSp:+YgJesFixyxyvZcMO/6T4nIB5BAZlgp

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      x64/kappfree.dll

    • Size

      44KB

    • MD5

      f2b16a14ce1f1924ea97aa9dbbcbeafd

    • SHA1

      536201d0814285377c844a02b07cb4529205e433

    • SHA256

      5c65a916fa2f7e61b77527b5fece112934dce770b5d2d097414797423045fa7c

    • SHA512

      0571f862bde1988710f0c6650a42dad9360b2303ec18600097d4c73b94ca059d41c52dd19d713de4656d35e91004e6c3cd2eff05571f1bfa4085e575a0038d58

    • SSDEEP

      768:cZt1lb4fag/k0TxJ9+K0NsF4uoKFzvWdXjkDk/rg/MbwixGGGGGGV/Fog4+zVH5t:cDGTv9+tsauoKBWeAxGGGGGGdFoD+zJ7

    Score
    1/10
    behavioral19behavioral20

    • Target

      x64/kelloworld.dll

    • Size

      114KB

    • MD5

      ff484e5c4449e66ebf365b6ac1d8b5fe

    • SHA1

      87d903945e888e4418c2607d0462f8fe661e3523

    • SHA256

      f35fa50750371eb0ec887723e8e4f7b314f2e629d03dc4c09ac7a56d83d60246

    • SHA512

      30659365c344b646f75d0dc197de6a737734dfe6f9fb68858c60fbcef3d0e08a8cbb0054adb70ab6dcde1f5646de349caab489ca63eed4caaf131d8e693ab997

    • SSDEEP

      3072:dUm+TD+WwWyqSOTo8w2h/feLEHzJa7xzY+d1:pIaWcaToDEfS+yxzPd1

    Score
    1/10
    behavioral21behavioral22

    • Target

      x64/klock.dll

    • Size

      163KB

    • MD5

      c388b5a443746dd0c27d8ce301f86638

    • SHA1

      a39b3cb6d9ea432fe84f51191e86b064d8ebeec9

    • SHA256

      32b2d21062d67ae54b9d1494cf7a58b067c4a9587a83b51a0a7c4c1c0e5c427a

    • SHA512

      121adee78f79885e06d49d698f123af7d8b4e92994e9a637d7cad46929da448e2ab6d082baae028a4aea813a70734dfa32165f00c10c5f1cbb70f8f6ea5093b2

    • SSDEEP

      3072:QKFYz0j60Hlxr4BY6ZnhZyoPHT/yOXQsEEwlCtOJVdnha+UarPK6Ndo:QtwbXr96ZnyeT/yOXQsEzYEnFjtdo

    Score
    1/10
    behavioral23behavioral24

    • Target

      x64/mimikatz.exe

    • Size

      503KB

    • MD5

      04d04a1f0ff9e2ff1d35b8c2950cce53

    • SHA1

      3b79e67d13c79400332c1fe5cc3fa1e84dc07e20

    • SHA256

      789712dfadf9a0d332fa9a156b7d77e2bc497863390665f911fb15d2fc89b816

    • SHA512

      8d26a11fe22e8f29cec4841bb72f5d456324ce8225004c658cc17c71783a53cffa069d1bc274f6c00f09225916c389e170cf986e66e53e755007bf8316886df1

    • SSDEEP

      12288:A8mOku9T16NMmjPDhH79tE1W1kTojlJplxLmP3eTXLN:A9hHhtZ+TcJplxL1LN

    Score
    1/10
    behavioral25behavioral26

    • Target

      x64/mimikatz.sys

    • Size

      28KB

    • MD5

      911c08ce7125a27e44f1101f4bc4c66f

    • SHA1

      ef933c2501b1a4dbdea9c7f08cef6be317ee2cd6

    • SHA256

      6dc969192c846a35d895838ad6a7e3d9b794c5d7555a07430e53fe1e88f7c7f8

    • SHA512

      d409131d634575fba9fd3b713458d1fa19189893075b45b2012b89f8d27fab467a9db2a66774b7b5e824279079395d22bf7a9f36114f2c8ffacb99eb65bf92ef

    • SSDEEP

      768:Mhl13fwPUzNdR6zCJbCfq9LStvdKiUg4+zVHkionxVRy:STCUpAJsKd8D+zJkionxVRy

    Score
    10/10
    mimikatz

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

      mimikatz

    • mimikatz is an open source tool to dump credentials on Windows

    behavioral27behavioral28

    • Target

      x64/sekurlsa.dll

    • Size

      227KB

    • MD5

      483e5365e1f1d83c2dcd4bdb398e779f

    • SHA1

      d73e417023dff3a9d494c8e807c54d9eb9cd2799

    • SHA256

      633000094b1efaecd3f5b9c0ab29121786fc4746334a21beb2b92dc46c8f902d

    • SHA512

      b2269157d6bc3090cd311872abe498cdbffdffdbafa94cb185aac2f944ddad36a131a933c6ccd1f4f3594c39c6a787d891846b23edc1c72da925e51b6aa2b363

    • SSDEEP

      3072:gWhA0YAeGNWvsOUjciFgkjUqpQxg+18O5T9d4E3j5n64J1Q/2jJvmCbA6E3PHLgh:g2NWdsUqpx+rT9d4Ez5njP3vXsgWd6

    Score
    1/10
    behavioral29behavioral30

MITRE ATT&CK Enterprise v15

Tasks

static1

mimikatz
Score
10/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

mimikatz
Score
10/10

behavioral10

mimikatz
Score
10/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

Score
1/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

mimikatz
Score
10/10

behavioral28

mimikatz
Score
10/10

behavioral29

Score
1/10

behavioral30

Score
1/10