mimikatz

General

Target

Ransomware.NotPetya.zip
Size

10.7MB
Sample

241128-fvzcsssrcl
MD5

ce31244aefcd40ae280a8cbbbafc9813
SHA1

e7da4d4a81c4642d700dfcc05f9f548ee29732d2
SHA256

40fe066089810be5f81182670c58a8e326ab4b86362c6b63d9e8e6b982045c17
SHA512

fa1c70df020bcddc8775ffeb233d288cb3502e6c3bfa6fdc3b5b9f35735586b39ed76e632042d3c056627d391b278c471b179097b046759d387829521d7b70e0
SSDEEP

196608:0rzXp15ZauYb1y0V9S9GYurEHpt2LVBjFLZiUXNmHFyrJz/w+quqUV7:iZ1FKTrEHCJBFLZiWmHEJz3qe7

Score

10^/10

Malware Config

Targets

- Target
  
  Ransomware.NotPetya.exe
- Size
  
  366KB
- MD5
  
  e5cc289b0b2b74b8e02f5a7f07867705
- SHA1
  
  81a884e16a81979c7fe56e61bcfdb94f8bb937ff
- SHA256
  
  6497eb7e530ccecce0bc9d8a0771221d7e980b7be875b2b3969110eb8b8f2305
- SHA512
  
  4cd22f953ce44d6d960dbe2bf651ae01fc865ec45742450a24a15c6f6b48b825b7979dbf287bf87f8290344f7bf5bf69d1c1f762f2e81a27d1fe0997712a5d2f
- SSDEEP
  
  6144:vLh5iWs5gArF3LDd84ESQoCGhWg2ZQkyDfTbjfyLX1WYaaGM6Btk2:vN5iWs5gZ4E6CyWgcQBzvja4YaaUtk2
Score

10^/10

mimikatz bootkit discovery persistence spyware stealer
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  ayonigga.cmd
- Size
  
  44B
- MD5
  
  47890dcb8055d784b4d6a7cd40489881
- SHA1
  
  1bbb3241ae64d8b5979ecfce992c181b48009c51
- SHA256
  
  7c39af713d9b2983b7dbbefdbd6c0c36fffdc40bba97b7015dee2f4549510449
- SHA512
  
  bbe72e1fb1287a30920f6842cae2d00ab9ee31f2ffb1ee3b09c1f6db3008e81fec9ad7133ed72ae7532e0e181a4cbea8b5bbdbe66543ac932830c6ed08ea2107
Score

10^/10

mimikatz bootkit discovery persistence spyware stealer
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3 behavioral4
- Target
  
  www.exe
- Size
  
  10.5MB
- MD5
  
  b94d63a2c797d7456c84da31a957ea03
- SHA1
  
  b96f1f6597dfab5bc5f09e7a5655978ca8e879c5
- SHA256
  
  94829493b5fc8b25067a0ef914c898d6d62062f2791cf793e2590c48b6496b14
- SHA512
  
  6f80234f84638d51cd6909d04dca25c2b48026657d025e564460315f6c279744ac75132d5aedbc214032bc0538c97868d11c7a290be5e3ff7c33e5b1ee1fa8ca
- SSDEEP
  
  196608:GbcfzHZaeMtt1Kxlm9au4jLSZZtyRB49n/Z3dd06GMXByrfb7mSWugrr:UkzH9xjLSZW0p/Z3dd0lMXwfbxgP
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6