mimikatz | 1317195066e9a71104fbcdbf415b90ddef6e62ecdbb9a86cabf12e5557181a4fN[.]exe | Triage

Sharing

General

Target

1317195066e9a71104fbcdbf415b90ddef6e62ecdbb9a86cabf12e5557181a4fN.exe
Size

1.2MB
MD5

bc3f280d4dbe03b2d44b7b2fd536d660
SHA1

9346d7a24416819722eaf47c3dbfa46dafe75298
SHA256

1317195066e9a71104fbcdbf415b90ddef6e62ecdbb9a86cabf12e5557181a4f
SHA512

38b4d0c0ba7f321a0c1fd2e0cab6c21463b0aafa49a40adbf7c1a9239d52d4029066f0124b796e81c4e71121fb271e522b0c7b2893268363e2047c4c85e07584
SSDEEP

24576:zLrEjqXg4NiXcmHVjIhlIyEeQ37uV3Ugmf4Yl0Q0V7JCU:zLZo1jFyjFJhmf4YlHW1

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
sample	mimikatz

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1317195066e9a71104fbcdbf415b90ddef6e62ecdbb9a86cabf12e5557181a4fN.exe

Files

1317195066e9a71104fbcdbf415b90ddef6e62ecdbb9a86cabf12e5557181a4fN.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 779KB - Virtual size: 778KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ