mimikatz | 1f2338d7b628374139d373af383a1bdec1a16b43ced015849c6be4e4d90cc2c3 | Triage

Sharing

General

Target

mimikatz_trunk.7z
Size

879KB
Sample

241118-twydsavqak
MD5

9b161e8fe171550ff1116c11e62b734f
SHA1

1890075e36c792d99aecb57424cffbdbcbe6215f
SHA256

1f2338d7b628374139d373af383a1bdec1a16b43ced015849c6be4e4d90cc2c3
SHA512

e877464194c5af4a92682a4b323173a7f9940e96e7abf847dc18d63ec54d01f14d6c43f7cad44e9cae3b2a6ec0d4ab8cc9798047e839a9b1c6fb2358e309558c
SSDEEP

24576:VVS8/iDSEVeuUaR1XMuzs65mOwhkVahwu5Opo:V88/i+EVpUaR18ot6ye5Opo

Score

10^/10

mimikatz discovery

Malware Config

Targets

- Target
  
  Win32/mimidrv.sys
- Size
  
  29KB
- MD5
  
  0818699d065afcb1f397d578d3708dc2
- SHA1
  
  df107aa0214b914c645967eddff6fdda88152eba
- SHA256
  
  4ff7578df7293e50c9bdd48657a6ba0c60e1f6d06a2dd334f605af34fe6f75a5
- SHA512
  
  f6f89627a1be33788d576acebf16d36fbfa1b6f89d8cb9191771146231ccb5d77af11aa70640813e473872c83171cc4606f490d16d1bce322926046a5bc80cdd
- SSDEEP
  
  768:Bk0ByYHIVcmG9yJao/fZ+B8zlu7TVHZC5is5c:BZyYGG92LHMB8zl8TJwism
Score

10^/10

mimikatz
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
behavioral1 behavioral2
- Target
  
  Win32/mimikatz.exe
- Size
  
  1.0MB
- MD5
  
  d3b17ddf0b98fd2441ed46b033043456
- SHA1
  
  93ed68c7e5096d936115854954135d110648e739
- SHA256
  
  94795fd89366e01bd6ce6471ff27c3782e2e16377a848426cf0b2e6baee9449b
- SHA512
  
  cac2230361981323ea998c08f7d9afc9369c62a683a60421628adab1eb1e4ffbbc9c2239a8bf66cb662ad7d56e7284f9051bb548979b8c6862570ce45aa27120
- SSDEEP
  
  24576:uiDjF7X3YoGq4tC1YJk+3nWBkDeq26iLutKcEY4:u05YjqakE3Aq2vu7E
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Win32/mimilib.dll
- Size
  
  31KB
- MD5
  
  46e598798bdde4c72e796edcf2317b52
- SHA1
  
  e00efa11ab8464e665f2a1d526e94cca5c71d9fa
- SHA256
  
  e60c210687e79347d06f9a144ee84417ba9ac4c1f303720f2fe4509734d670d6
- SHA512
  
  c384fe4cd20dc97b53a26593d30b6c5d8d3665f957019b555bad956cc4e238b50216f47af7fa4ad9bd03d30d323b811aa0e32dcea2e25a9df6855a65dcea9a9d
- SSDEEP
  
  384:ZPqreMGv6SqMDjuPRjL9sapJcos+uOiZESsQDygQ2Unn7PAss3sWqWyXO4hMnAl3:lrEdpJLFiq3GO7bs3sdEFyQejil0Tn
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Win32/mimilove.exe
- Size
  
  24KB
- MD5
  
  c67f3497c310c01018f599b3eebae99e
- SHA1
  
  d73e52e55b1ad65015886b3a01b1cc27c87e9952
- SHA256
  
  cc585d962904351ce1d92195b0fc79034dc3b13144f7c7ff24cd9f768b25e9ef
- SHA512
  
  1205b5a9a9d2f3fabcce7e53e70e4efce08b21469ae64120beaee67a828d12eeeecddc623b453105ed15990fcc7bbce53175eca6545007f9d68c0aee66e55bc0
- SSDEEP
  
  768:LK73LxCEQskxjvDoR8a4Tj9gwF6VLCx2l/:LK5uGRl4f9dqCx2l
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Win32/mimispool.dll
- Size
  
  10KB
- MD5
  
  dab7a18b02399053ba3ff1e568789fce
- SHA1
  
  ceee090c9ee8279d6410d8d450d55acb81d34766
- SHA256
  
  05842de51ede327c0f55df963f6de4e32ab88f43a73b9e0e1d827bc70199eff0
- SHA512
  
  6dd0ade4112d7ed44c090f81614ed2f1d84cfcb25a45b08d22b3fa74e4e3f9b99f719f8bca9c1f03d13757f38eac072bb4d55e229c478524bf348f76fc3e36dd
- SSDEEP
  
  192:I191rqbIcL9uD3nhKlWUEHRl1RtnIDKwIb/DtC0uolZC7:RRgDXhKAUQlftO6tC0uols
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  x64/mimidrv.sys
- Size
  
  36KB
- MD5
  
  3e528207ca374123f63789195a4aedde
- SHA1
  
  2616372f708a6fb9665cd28206f4c7de6458f5c5
- SHA256
  
  d30f51bfd62695df96ba94cde14a7fae466b29ef45252c6ad19d57b4a87ff44e
- SHA512
  
  73f83b881e0e329493f6b2ac299ea0b9d9d1b04dc8a4705f78ae3f82b1a3e012db9202079f7e7dff5ad4431d3a8e7e2fb42d3f0963d66ab9a6aa0bf2cfa02c41
- SSDEEP
  
  768:6PVvAF3Sz0Kp4TC/ndBK8ipSPnA+vl1qlCGB8zlu0RVHZC5isg:mVvPz0K3EyDlQlHB8zl9RJwisg
Score

10^/10

mimikatz
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
behavioral11 behavioral12
- Target
  
  x64/mimikatz.exe
- Size
  
  1.3MB
- MD5
  
  29efd64dd3c7fe1e2b022b7ad73a1ba5
- SHA1
  
  e3b6ea8c46fa831cec6f235a5cf48b38a4ae8d69
- SHA256
  
  61c0810a23580cf492a6ba4f7654566108331e7a4134c968c2d6a05261b2d8a1
- SHA512
  
  f00b1ab035aa574c70f6b95b63f676fa75ff8f379f92e85ad5872c358a6bb1ed5417fdd226d421307a48653577ca42aba28103b3b2d7a5c572192d6e5f07e8b3
- SSDEEP
  
  24576:0CgjBAeu8iuUHGzkuBhzy2F+yVICFPC27rIlve3NuacODvsG:0CI7XBE2IuF64rIlmdii
Score

1^/10
behavioral13 behavioral14
- Target
  
  x64/mimilib.dll
- Size
  
  36KB
- MD5
  
  67651e9d2da634adedbe216948d5f752
- SHA1
  
  0731bd320633a6d1ca7835e2bba2c5ee5429b293
- SHA256
  
  aef6ce3014add838cf676b57957d630cd2bb15b0c9193cf349bcffecddbc3623
- SHA512
  
  88c7de54fd036a3052a49e52a8bb868e1cd67856b8ef1d0f2ad1151f663addf1d9435fb98f83a24cc16ffd832500061b64399c9fe82edcb83404f59daf7bfd47
- SSDEEP
  
  768:CsdDjdgqUQv+EAZJimW8ahsNekFkTn5btsnsFfZ9kYeUveejil0g:vU+LuaaQkFkTn5b+sFhW7ejil
Score

1^/10
behavioral15 behavioral16
- Target
  
  x64/mimispool.dll
- Size
  
  10KB
- MD5
  
  c6cc0def7d584f431d69126c1cc33a20
- SHA1
  
  ea2646a646662909cd2bf5443e6b0030fb3cc6eb
- SHA256
  
  66928c3316a12091995198710e0c537430dacefac1dbe78f12a331e1520142bd
- SHA512
  
  17199e1be5d40744ae92d5d1b143645fcd0e413b92696fdaeb673785549bf20f4952a19887fe5c14cddbdfa435320a79044510d0de4e2c52fa26a1d2bfd83826
- SSDEEP
  
  192:DGMoIQaZcsBTSWoH6DlI0zPQ4Ib/me0C0uolZC7:VJxgWFlVC50C0uols
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18