mimikatz | 38c2415cc3c96bbdfdc6b9df02974e1b2738c5061cbf2a634f66c18de166e82c[.]exe | Triage

Sharing

General

Target

38c2415cc3c96bbdfdc6b9df02974e1b2738c5061cbf2a634f66c18de166e82c.exe
Size

1.2MB
MD5

c8e180deffc7e23cd518869a2109134f
SHA1

bf76835378260b27ef1b461ec221cdce53046b90
SHA256

38c2415cc3c96bbdfdc6b9df02974e1b2738c5061cbf2a634f66c18de166e82c
SHA512

d2d44a5f367b0f83e5f7623f9e0c2e1bb29c956b09b42c878c1f74820f1771c387b37b98ddc76da17b61ea19a562f19ebee8564d75f8383404f1c54d256bd2f2
SSDEEP

24576:zLrEjqXg4NiXcmHVjIhlIyEeQ37uV3Ugmf4Yl0Q0V7JCs:zLZo1jFyjFJhmf4YlHWP

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

Processes:

resource	yara_rule
sample	mimikatz

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
38c2415cc3c96bbdfdc6b9df02974e1b2738c5061cbf2a634f66c18de166e82c.exe

Files

38c2415cc3c96bbdfdc6b9df02974e1b2738c5061cbf2a634f66c18de166e82c.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 779KB - Virtual size: 778KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ