mimikatz

General

Target

Ransomware.NotPetya.zip
Size

5.6MB
Sample

241128-fpar9aspel
MD5

33cc34abead8d02cb15dfffb8854c6ea
SHA1

5aab943a2904f82e23b09877e549283eb895e70e
SHA256

1713bce457cbe0b1c8a5a98c6cc86424ea967402af33860cbf0b42ae7a4f9059
SHA512

879eb3b742a98e1674fa811fbaed6c5b00c3b3ac7f749d64beb79533fc00a13dcd113e9b48ed8ce42b72371460af15cbb89f0e1da6bfaf2dbe6acd3fe60dee6c
SSDEEP

98304:Lc7zCLAzRfD/3j7X9jyFvkFhtO2/pD7pqXE3ybRBMzj9cSP6apV0tcWCd:SzeAFb/TLByFvk9HYC9iapmeWCd

Score

10^/10

Malware Config

Targets

- Target
  
  Ransomware.NotPetya.exe
- Size
  
  366KB
- MD5
  
  e5cc289b0b2b74b8e02f5a7f07867705
- SHA1
  
  81a884e16a81979c7fe56e61bcfdb94f8bb937ff
- SHA256
  
  6497eb7e530ccecce0bc9d8a0771221d7e980b7be875b2b3969110eb8b8f2305
- SHA512
  
  4cd22f953ce44d6d960dbe2bf651ae01fc865ec45742450a24a15c6f6b48b825b7979dbf287bf87f8290344f7bf5bf69d1c1f762f2e81a27d1fe0997712a5d2f
- SSDEEP
  
  6144:vLh5iWs5gArF3LDd84ESQoCGhWg2ZQkyDfTbjfyLX1WYaaGM6Btk2:vN5iWs5gZ4E6CyWgcQBzvja4YaaUtk2
Score

10^/10

mimikatz bootkit discovery persistence spyware stealer
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  ayonigga.cmd
- Size
  
  48B
- MD5
  
  c7160c2ed09e3b877a142cf616e2fee6
- SHA1
  
  c99fb4a8d35306e7902c555dcf5d80297aab8877
- SHA256
  
  0819669bf33c67865f28ef7a505ddc21a6a428f81be2631cbab9a67b3b0ada7f
- SHA512
  
  e85147f4389786214c658f1e44c4eac8fb4a7def14ee2769b9f32067fa6ad2f1cbaea2abe28ad12e849694fa3c8f4aba994969d670edeca86c4654b15295ff75
Score

10^/10

mimikatz bootkit discovery persistence spyware stealer upx
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  whtat.exe
- Size
  
  5.4MB
- MD5
  
  5e5399c59bb32954c0061e12b94343ce
- SHA1
  
  f28e0be71af3628091770d69cd808e22b986c5f6
- SHA256
  
  15f5f1045f8c943607454ba31535bcbb189985b6c0355eafd78c375061114b61
- SHA512
  
  584857571c93a2ad8433502bfce56158529c591225f661639e90983dd73264d0b238a2510c80d79956087106aa552202f35780161c7abd78cb6ab50c21c63fde
- SSDEEP
  
  98304:o4MKt7CPNiGsiIm5+hrucIS5/0f6pjMGvIljew66NzjY7PB00WnuS:oItWPoGVjgu+5/kyYGYeT4jYbbWnuS
Score

5^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6