mimikatz | 717d574ab49230cd228c2c0fa25ca5f818bf894f2eae16c68d7843d7f81f6cc0

Sharing

Copy URL

Twitter E-mail

General

Target

master.zip
Size

61.6MB
Sample

241202-wzyj3awlf1
MD5

1be68f43d90417b2f40eafe5d0beefa2
SHA1

40b652b988e32689862bf92aeb7f1c29f985ac83
SHA256

717d574ab49230cd228c2c0fa25ca5f818bf894f2eae16c68d7843d7f81f6cc0
SHA512

95289c7f9769528b4a79a44e70a8b65770d65253b5813fe842031de9e0581e324515b186c8f00886924e5d7fa342efa81672c3a9683252c8fca6e2c8d0966117
SSDEEP

1572864:8m1zR4wwfWMy1pPynbJKFehhp7RHF/aSyNzcW4:ZP4X8PybyelRl/tSX4

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://localhost

Targets

- Target
  
  PoshC2-master/Install-for-Docker.sh
- Size
  
  6KB
- MD5
  
  e9491135cfba0744d0914440a3abea51
- SHA1
  
  01d1eeaec2d63dfcff7b2d8f0b905666648284d7
- SHA256
  
  df058ab09ac2a11282ae0dab69a48dbfb9be73a1abb0c9820be7281b4c78c84f
- SHA512
  
  0821f0eec3e59e94e80ba372d7e159dd6a4c513b200c1b59e34bac6282a5e808a5f0b3ccc2c970a0ba6c3df72fa7e34f75aab451594035dfa20c8b777d449334
- SSDEEP
  
  192:BeCRfODs6lH2ouNZLwUsp3lTLGmU6y22Xox:TyGbIx
Score

7^/10

discovery antivm defense_evasion persistence
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Write file to user bin folder
  persistence
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  PoshC2-master/Install.sh
- Size
  
  7KB
- MD5
  
  3aef055d6c7f1ea3df272ab04a3d1c30
- SHA1
  
  1678f0ce8c4255907863b6dc2001af9c8dda9cab
- SHA256
  
  2f58503876d531099611322e32df8c7cb2ed7ac64af667903563a5bef902d490
- SHA512
  
  97ef4cef9d08c9c09743363f929b9c9488c5ab753e360fc782c6bcd3a31843c55e25e99c59b0b514b1dcdc99088d6eff82e48e2d129e9d73f1b2671487b2a865
- SSDEEP
  
  192:BVfPntboZecs6lH2uL7t5r9+AmwWVrGfuEbU6j8e2op:LPn8L1TUEfp
Score

7^/10

defense_evasion discovery execution persistence privilege_escalation antivm credential_access
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- OS Credential Dumping
  Adversaries may attempt to dump credentials to use it in password cracking.
  credential_access
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  Abuse sudo or cached sudo credentials to execute code.
  privilege_escalation defense_evasion
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
- Writes file to system bin folder
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  PoshC2-master/cookie_decrypter.py
- Size
  
  1KB
- MD5
  
  889e16f92b183541589f8f1d74bda195
- SHA1
  
  30a03ff1ae25a359f5ca9c366a5ffb3e2dbe7d55
- SHA256
  
  17553f058cea54ab726eaf7bf03b9eebb5ad2637ae2d062203fad39e7af6e35d
- SHA512
  
  cfbebe15dc6f23cb0ace115f44dd47171ab8112c41ab8e73b5c938683802bc66de7e840cefea25174497c34081d41ba88661778f6d50b75607a41b04d2d133cd
Score

3^/10

execution discovery
behavioral10 behavioral11 behavioral12 behavioral9
- Target
  
  PoshC2-master/poshc2/Utils.py
- Size
  
  7KB
- MD5
  
  98bcce16c47eef2a8363ce539d5c89da
- SHA1
  
  2e3585e79f5e3942f27a1ac8e2aa4d10a44077ef
- SHA256
  
  61343f8989f9f64ea5e0051c1184bcdd2dac397a0bb1f2bcde031f431f3f401c
- SHA512
  
  645a467c7eb6e7848dfdbcaa5ae5d0f85c91dad63afb302d31295235872496c2876ca92b6b466c8b1da5e9a744849c173a33b9630d73679adf8dfc777a3b2f03
- SSDEEP
  
  192:JRtatOL98V0j2uQ4W97XAcLvlHNChkoe7z9lZ2:JRoEhcf+WlXtLJoWoe7J2
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  PoshC2-master/poshc2/__init__.py
- Size
  
  1KB
- MD5
  
  47cfbeca59c7c4ea5a7510558e97a167
- SHA1
  
  53ca948bbf7632a6264669e0f2921473cefe74a1
- SHA256
  
  76ebce026bf4aa575d46c742ded5349830888bddbfc1440cff02284077c3fd86
- SHA512
  
  4bebe27d8a35ff8a6f0601c4b4368ae0ab9a4fa6ae4592ab243e4451f6ad119a3a93ed100415c3f417e469b01b252bdb60a5c909a7ba9dca9c170aaf1edabb4e
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  PoshC2-master/poshc2/client/Alias.py
- Size
  
  3KB
- MD5
  
  b301b97961f6ff0d30b1e9c860f1e023
- SHA1
  
  c26c15c296dcbc9bb7fa1cf30191e5268ab7e553
- SHA256
  
  5ebc25f880131a844023ff9829ab4b431c3f7a4ae02e22dc233fb5a1d5dfe9d1
- SHA512
  
  cca092504ffe11e1411b7202c921f66aba6da6505dcf34c4b10d3070b600f026031702c478defc6e6f09ca8120ef529a8e99a21db6545014065f6d5a1f575c84
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  PoshC2-master/poshc2/client/Opsec.py
- Size
  
  133B
- MD5
  
  aa24adaae7b83106054409dc09a027e2
- SHA1
  
  9d06cc8df3049dbd3dc1db3b13a6f1110bc1143c
- SHA256
  
  a55f8c2385d45d33778353672d566540d0cefbeca82c71b37811a2ad469e8c7c
- SHA512
  
  5d3a33c21e3f82fa1c47dd8f10af200a2854fbdfaed879c096f5a56db282f5478283b343b76432fa63c5e8de9232ff00662fecb084b8e4bcdbc2a1cf3c62ac7b
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  PoshC2-master/poshc2/client/__init__.py
- Size
  
  207B
- MD5
  
  302b43b2d0995278c1b2213d18edeb42
- SHA1
  
  6e8b19f8ff75f5236fa74304c7dc1d580d3d09aa
- SHA256
  
  1f16e81b2093b87eab79ba71354c48227c3ea306d7919316f25bb8d210f0fafb
- SHA512
  
  492913faa130baa7f8a5b3f9b103f48e898dc13c095869f280f3fd07bf2dcfb80e6de73d25a0cd590dfa3339f25c6255252b277e83f4609a02a3fcf5b4bb9924
Score

3^/10

execution
behavioral21 behavioral22 behavioral23 behavioral24
- Target
  
  PoshC2-master/poshc2/client/cli/AutosuggestionAggregator.py
- Size
  
  735B
- MD5
  
  b515e131a63f80724d492d4c6a7f3d37
- SHA1
  
  61e7fb301003be3f516d9f0ec81aa00712b49e10
- SHA256
  
  0d8afe7df0c9836ecfa63ced8eda14e520703e612c24784675048b7fdd852a2e
- SHA512
  
  f084111746001c3205d62ff041cf63f6a07e128ed44a7264c57ed053871349826cc42d6694077011c2e3fea8e29e03cdda200a4b41efda7742404429aa653bbd
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  PoshC2-master/poshc2/client/cli/CommandPromptCompleter.py
- Size
  
  1KB
- MD5
  
  aa06280675a27f21c3adf8ffae4e7911
- SHA1
  
  14c56ad3ab340c641bfbb9243f956e232c218504
- SHA256
  
  3f5403943d93d643ddc4c94675e79ae7c16881614ca20e64bdbed8819b0038c9
- SHA512
  
  6c13eeb700b5f1d6ab80710dcbec7453e1071c85338fd02c081edbc25e6b9c36d1ef0d0b063f98476e7d904ac9232fd833fb01c84696a46980ed8e531d3bb32f
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  PoshC2-master/poshc2/client/cli/PoshExamplesAutosuggestions.py
- Size
  
  613B
- MD5
  
  914b6a6ad72767fe35f99a55e1ee88cd
- SHA1
  
  c47c67af6884b261cf7bee8d2283ff017a0de0a9
- SHA256
  
  5cced10c585fa327d91ce1f32de9d5f5e6abc0c2d3b8c46f6c956082671fae8b
- SHA512
  
  1c2527b55a06f9c503496a4e726615f6322283905a155e141c0f07bcb996693f3fa5d231a05b6b27143589c742b76ad9d995ba78f56e72ece7dfc93cc7f8123c
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  PoshC2-master/poshc2/client/command_handlers/CommandTags.py
- Size
  
  567B
- MD5
  
  f7775af7f042c7eb56af60a9f9c29b21
- SHA1
  
  5bcd77293af2169d107591696f8aa22b68ad1b4f
- SHA256
  
  54701bc1c26ec192f33fec4f1d0b8553e881b85352f8847c6a49bdea25c40337
- SHA512
  
  0414d5a563761ddb5087a32538c21f4a17d05e171044beec94baa2df767a2efd66fdf5cf31ac52d9e22375bc0110f5b14000119f2a244541384c3c2f03b8d326
Score

3^/10

discovery
behavioral31 behavioral32