mimikatz | e1d33b5b75def57194ae35e06e2cdc8a96e6c94b555a0f85b714b7f232c90571

Sharing

Copy URL

Twitter E-mail

General

Target

master.zip
Size

30.6MB
Sample

241119-xa78mszdpb
MD5

44d0576225b7a60540f7488fd4a0a752
SHA1

1a531535cc84d8a905a1dacf9710f7c010795c94
SHA256

e1d33b5b75def57194ae35e06e2cdc8a96e6c94b555a0f85b714b7f232c90571
SHA512

30ba65e3bc8005962be23e297746c3a86f36dd2ad5722e43f50669bf367673d3ac4a4a8c45366716de10e7b8fe1d2253604e9b56647cd16cbe6f075dfd2f6b1e
SSDEEP

786432:9bJjhj4hK3X2z9dqoC0nET+sNF1OQpGpv0:vL3XWC0nonNF6pM

Score

10^/10

mimikatz execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://content.dropboxapi.com/2/files/upload

Extracted

Language

ps1

Source

URLs

exe.dropper

https://example.com

Extracted

Language

ps1

Source

URLs

exe.dropper

https://example.com/p

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://www.youtube.com/iamjakoby

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/I-Am-Jakoby/hak5-submissions/raw/main/OMG/Payloads/OMG-JumpScare/jumpscare.png

exe.dropper

https://github.com/I-Am-Jakoby/hak5-submissions/blob/main/OMG/Payloads/OMG-JumpScare/female_scream.wav?raw=true

Extracted

Language

ps1

Source

URLs

exe.dropper

https://c4.wallpaperflare.com/wallpaper/553/61/171/5k-black-hd-mockup-wallpaper-preview.jpg

Targets

- Target
  
  usbrubberducky-payloads-master/payloads/examples/Conditions/Conditions-example5.txt
- Size
  
  890B
- MD5
  
  970ebd543438a15e9c09d9428142b1ae
- SHA1
  
  4914dd6a82bc3c01c90aad4c7cc74377bc8b18f7
- SHA256
  
  78108479244d0fc1cb47f27adc8bbb9fc872c27d4c49225d90661d38e1168f90
- SHA512
  
  616f10bdb6660ede36dffc36595db8bdfe2f3f3418efd93f5106633144ce8e27a6fb525afd4713efe766baa40c7e75700c500dc0924212a333f4fc68674420ad
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Example_Payloads/konami_cave.txt
- Size
  
  5KB
- MD5
  
  f43b8771eb874d6d298c5f77a5bb2221
- SHA1
  
  f9f6dd47da2a6534e4f5e04f189664f1d6a50aa0
- SHA256
  
  bb0839a2eace82cd3d67e3528134081059f9fdd243420c5be4ba71849f267b6e
- SHA512
  
  555442a5e6c7e7d0568b1c249603a4414602a199d6887b4e8268c410c2cda495a4fa8c5880be6d4f103bf61d57af24bb0fdbd9af8d68c1782a2831d9bd848897
- SSDEEP
  
  96:Ab9Cf0E0E/F+fyy0q2IBhOytdftuifSaXT4zZajoFieHQaToO8hM+K:mOYfVSVyoEEjTkK
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Example_Payloads/payload_menu.txt
- Size
  
  1KB
- MD5
  
  775e59624481d805de0f9231d3fccf5e
- SHA1
  
  5d5cd0187be90d00f1caec905b0e0e0c178ee82f
- SHA256
  
  1e654e133b24fa60de4d727e48a39c786241b17d302254d3c05d9dffbb96f8b8
- SHA512
  
  be7a292b13cbd8cb355649f539bdb3b9c127e4a7c0fdc3d39542a661e83d74e9e756afdbbecc037d6d866f309f8adbc723c4de330fcd74d8c55a87cb3f45848a
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Exfiltration/Exfiltration-example4.txt
- Size
  
  208B
- MD5
  
  4e272321a49badce23bfa7ace4f213ba
- SHA1
  
  214a2b2f4cd177a99c75c008e500f592a278edeb
- SHA256
  
  5eacbbeb470a1fe2e773c5b1c689ba902ed9b914c32b15b12625ebbb824b99e1
- SHA512
  
  848e3fbcd1b7cd9297ebb97b0d40503182f334b9ff535de2d10c72ed47436ff713db4b37f7f50a4155b2168ff93bcba3184c5724ef60755dc3835e2968b6f1a6
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Functions/Functions-example1.txt
- Size
  
  693B
- MD5
  
  8cdcf893a11d48c1bd126e963e543fdb
- SHA1
  
  d686b128a020c845563ec55dce5ef4216c2995e2
- SHA256
  
  d4f9cf71c0d50af44686da004041bf1f49589e31fa72e90fdff8795851337254
- SHA512
  
  6155a0951b2ea2b092c0f1a9746bad0e4f1a58d2067d8ba203cc369f0a07d3fcce3ea00d1abb7ba6f96ef491ff866cd460b4f885887fcbc910cf659d231133e9
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Lock Keys/Lock-Keys-example2.txt
- Size
  
  939B
- MD5
  
  19ecbec9ff1b9289f02a95cf56ecac6c
- SHA1
  
  5ed40a6a6af3df811863118ee15c8fc406749fba
- SHA256
  
  af23876c26223022f9dd6ac12ddb8be98b628d9da2f0c35dfade05cacafd9705
- SHA512
  
  019686958877e2c867c349e7be6a706b84a94114e63f9ae1a06768b8da5a8d7feddb9cfdb7e02113161a031e95a3affdce35345a69ea44a8761ae2a3e2c700b4
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Loops/Loops-example1.txt
- Size
  
  892B
- MD5
  
  d82695a2c10cf43f907c62de13a6132d
- SHA1
  
  88ec1dd537f68c629717ccc3254d4a6446de7752
- SHA256
  
  ddd387e7eb7783271fad3f56025de0cc212e7f3bcfa22e75b7a0b1d732f95f8f
- SHA512
  
  e243bba1fbb22e94acb8f63172657f865362341e83165219782e6e6b11fbe2b6856cc7930b6720a63ccbdc52a4fc3ba8b32dee3a71d439338572107b9d728c74
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Loops/Loops-example2.txt
- Size
  
  546B
- MD5
  
  b44e11d8a873e2e0cb971bbc22877147
- SHA1
  
  cdda462b0f14290708481a665258a98c2f201246
- SHA256
  
  4170e52c045063af8630af23f9d2a472a587f50835723068fa6e5ded4b3c9057
- SHA512
  
  48ae8140b2f95248ce1539c0e82ef2b62eee818070eae5113f7c0a34d967e35ba08aa1e086699ab0ccea2b3c5c9029c4c1c6d8e069e3876da2006367ded37780
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Operators/Operators-example1.txt
- Size
  
  743B
- MD5
  
  8fd8132094af651bce7e58ced4300337
- SHA1
  
  ca54c179ac4715de60e90ed255285a697011ab26
- SHA256
  
  56875fa997129cfe98f0859da9c057a040ca97b577ab708042e68172db10639a
- SHA512
  
  a82022aae81cd8e4292feed09b87a15758317be89aab946f548acb30260e71a12709f8ad571359c175a1dd1465eb2ab70de6604344f614fe1f63e335f4376767
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Operators/Operators-example2.txt
- Size
  
  662B
- MD5
  
  099fcfa255d7f5c56ce10f5aa9b8f967
- SHA1
  
  885e76ed125b1d1de9c0de5bf9f569ae603d7451
- SHA256
  
  4e3aef3e7662da6578f96cb5eadb4d8cb97a9d00d8d5358e4b7e97b0445270a1
- SHA512
  
  34379b61a9960405552a28afe622c0ca275b6a9d558c3ae8dd373910d0b8b704dc7f88824488f25662f8fa20ba0f056bcf56b6a136119f5ba6e5c79b091df4db
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Operators/Operators-example3.txt
- Size
  
  433B
- MD5
  
  aac9675e44335be593675100986d0356
- SHA1
  
  51eb0fb14b682d1583664ac23479931f401de140
- SHA256
  
  eb0fdd5c68e81866020672e34cbb0f9f7cc1be7667e170af4f06bce52c4a76d9
- SHA512
  
  924f5d885e3fc8564ef677683be0eaed89b9b7747a8290aebd94a93d0ccf52b303ab0e6f47797a47aef17830ef5db7ae680d5c1ccf57514809917619c2bb4898
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Randomization/Randomization-example2.txt
- Size
  
  267B
- MD5
  
  ce4eb40c763bef412640c47cb1239182
- SHA1
  
  2e44fbe920267ff86c47554d100812ce604ba570
- SHA256
  
  2ea58464940bd29086c2bcb020d9cefdd66b73b269fdf0f214362ca4fe55ff83
- SHA512
  
  803114d856d0904e8d0a32501dc6e1ee0676eebc4919a8b85916ac83bd2a156727f391c811a6cea01124eba941b606777d65cb29f94dcdbcfe85ba29f3ba14fe
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Randomization/Randomization-example3.txt
- Size
  
  335B
- MD5
  
  1eb2717b912618a7f1bb60141500efd4
- SHA1
  
  2d96824ea5ffe7398d8ae7278f0523de1e1400e3
- SHA256
  
  586bae6825b8a640c9b23e21689e38b468051f978a071ace82b267ddd185a827
- SHA512
  
  afc0d4995ab8cfc71c9398d062f5b5681f75bb633e400367e56837fec67d698dca2b3d73471a945e891f061e31f7f151933c62addb28f2144ac0b2732056012b
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Tests/test-suite.txt
- Size
  
  18KB
- MD5
  
  6e1db4f126ff79540951e1ead1280c51
- SHA1
  
  323668ff1a82497edf9ba11bb942eb1a30843fa4
- SHA256
  
  b14bc98adb89f02ccb61c5f133f92cad60ffd2e9949cfdeed489c972c7b0bac0
- SHA512
  
  c5d5d1ea48ff3007523afaa601e721f8108b7ec2434f3b5e9a34ec85bf912a1366847fd4f5ee7e7ffa774dbea871f8e9913ac4d0bf43a1215cce622a1dca6517
- SSDEEP
  
  192:RHYrlAiuEZKGCZ1Tg6umR/hjIhVgznDQxFsAJu+4:R4JAwKGa1Tj/hqgzDQRf4
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  usbrubberducky-payloads-master/payloads/examples/Variables/VAR-example1.txt
- Size
  
  723B
- MD5
  
  23fc494b85afc55429e8eee9bbff0749
- SHA1
  
  6100a11d7f1ffa292d0b5c415a908c24bdb51f07
- SHA256
  
  3168a4369033c74578f147c8fb676ed4a3e29b32a3ede763c0713babcb156e1f
- SHA512
  
  96d1d48175a2af6f5385d69013fc2c1276dcd56b0d5d8af970165763ed6451c711f06ce2c78689690e9e7eb11bc156c4e8f69bd52af3567a84e827605d807e6f
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  usbrubberducky-payloads-master/payloads/extensions/community/ROLLING_POWERSHELL_EXECUTION
- Size
  
  3KB
- MD5
  
  bdc1b01b531de92efe3301037e54d9a9
- SHA1
  
  2f18485a9c1fca5f4d44277c73eee362cea1212a
- SHA256
  
  c46880a37835fc9ad1b839738145b1ab7de93a1335eec9b52ea4c938c9147646
- SHA512
  
  d809df5400dcf3d4aba669a062e851d71e598850b2f51047d499dd3806eed973746a233c730cd7e061f224198d7020c44eaa63036c6ac600a6cff69bc06efadd
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32