mimikatz | 579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648 | Triage

Sharing

General

Target

infpub.dat
Size

401KB
Sample

250108-p4nr4asrak
MD5

1d724f95c61f1055f0d02c2154bbccd3
SHA1

79116fe99f2b421c52ef64097f0f39b815b20907
SHA256

579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648
SHA512

f2d7b018d1516df1c97cfff5507957c75c6d9bf8e2ce52ae0052706f4ec62f13eba6d7be17e6ad2b693fdd58e1fd091c37f17bd2b948cdcd9b95b4ad428c0113
SSDEEP

12288:GtDjvhNTc/cq4RKZZKfArRuSA80m+/6sXRnfPGp:IjTc/cq4RUZaArbInfPGp

Score

10^/10

mimikatz discovery

Malware Config

Targets

- Target
  
  infpub.dat
- Size
  
  401KB
- MD5
  
  1d724f95c61f1055f0d02c2154bbccd3
- SHA1
  
  79116fe99f2b421c52ef64097f0f39b815b20907
- SHA256
  
  579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648
- SHA512
  
  f2d7b018d1516df1c97cfff5507957c75c6d9bf8e2ce52ae0052706f4ec62f13eba6d7be17e6ad2b693fdd58e1fd091c37f17bd2b948cdcd9b95b4ad428c0113
- SSDEEP
  
  12288:GtDjvhNTc/cq4RKZZKfArRuSA80m+/6sXRnfPGp:IjTc/cq4RUZaArbInfPGp
Score

10^/10

mimikatz discovery
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mimikatzdiscovery

behavioral2

mimikatzdiscovery