mimikatz | 2a3669aebf4e3d0f217e8094cab6d9694fbcdcf53ea4941275cabcece8180fbd | Triage

Sharing

General

Target

mimi.zip
Size

1.2MB
Sample

250130-qs6zzasmax
MD5

2c31223acce3005c907769cf476c8269
SHA1

fa903a387ee35bc7f5b532da9d21d63e97f3e69d
SHA256

2a3669aebf4e3d0f217e8094cab6d9694fbcdcf53ea4941275cabcece8180fbd
SHA512

98180fbd90e51cae214663dcc3d249857a4f598788c3fde9385f78a3e7c68ebb28c296e4969a078fa0bc065c3df1455b24827990705a66765d2ff6a03564e64a
SSDEEP

24576:9r5xU1ecI8VALNFiqMRhW/qHDu704bpQLOUXiBQrMnsBfjCOkTdORiEgl2:VD6VaajDju7LFQLDlrMnijCOC0Rul2

Score

10^/10

mimikatz discovery

Malware Config

Targets

- Target
  
  home/maciek/mimikatz/Win32/mimidrv.sys
- Size
  
  29KB
- MD5
  
  c73e71825adbfb9821b9fa6e8672903c
- SHA1
  
  31b827dad64b2dd881b9f0ceb012e0ac6885492c
- SHA256
  
  274ca13168b38590c230bddc2d606bbe8c26de8a6d79156a6c7d07265efe0fdf
- SHA512
  
  87e79c1b86e75f313694b6b7e782c050efc02bff4fc36d366c53f6ecaabad0e9b5b426354f816386127fd6926bde071f9b06b013901f3cf1d5dbb795f90c4eab
- SSDEEP
  
  768:tk0ByYHIVcmA9ytao/fZ+B8zlu7QVHZC5isH:tZyYGA9aLHMB8zl8QJwisH
Score

10^/10

mimikatz
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
behavioral1 behavioral2
- Target
  
  home/maciek/mimikatz/Win32/mimikatz.exe
- Size
  
  1.0MB
- MD5
  
  6c9ad4e67032301a61a9897377d9cff8
- SHA1
  
  655979d56e874fbe7561bb1b6e512316c25cbb19
- SHA256
  
  e81a8f8ad804c4d83869d7806a303ff04f31cce376c5df8aada2e9db2c1eeb98
- SHA512
  
  1cd75a4c324365735a97001b55e89b936daed5d003ba7059f885eeca4a26eaaa82041450d77483a36d4be30186730c4e4ca4b8af24122fe403c4dde738d3ff96
- SSDEEP
  
  24576:EuS0VSrYkTp5VFyI0UZK6zU9T8zPnbJFDhOky0c:EuS0O59cX2YcPb7DhCN
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  home/maciek/mimikatz/Win32/mimilib.dll
- Size
  
  50KB
- MD5
  
  d0a1828f64842dde399244d604ceea24
- SHA1
  
  875ba476ec3424f6a16db57306bdb57166a3f1a4
- SHA256
  
  70c62e0f2725a158d53c4fe2be205bb5ae07264a85af693741761e7fb7c8c521
- SHA512
  
  f113b0ebec33c4ff48c38d2abbf40fa6027bf6b0dbb9f154161724a55ef4c52bfa4c0be765ed35ac9886ed77cb7b50352d63e10ebc19e417c667fe967d24005a
- SSDEEP
  
  1536:/djLFi3O7O8dgejilIn0eiToL7SPNXiFoL7SPQ:/AO7O86ejilInzicfSPNXiGfSPQ
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  home/maciek/mimikatz/Win32/mimilove.exe
- Size
  
  44KB
- MD5
  
  825e6e194a9d5e12cbf109b7de07a244
- SHA1
  
  c3d8cfcc70249106b7d2a1f3e6773e1fc6ae2878
- SHA256
  
  dd3f2e3349c378e1a415c4a6ad450cd3ae4ea29f3fe15d0a72bff64a44e1362a
- SHA512
  
  fed64b8371debf32a644ba4b5b3e7ead2c00ca678cc75e30de6a9794a9fec536388a1251ba87df9cbb3914c30ec5eb5aad26373a1cca1551c6d2932ea7c8f0fd
- SSDEEP
  
  768:FK73Lxt8+AZPNkj1mDPwoa42yj9gwF6VLCx2l/qDVihj1aSoQuSPrihvc1aSoQuV:FK5mhy4f9dqCx2l6ViJoL7SPri2oL7SS
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  home/maciek/mimikatz/Win32/mimispool.dll
- Size
  
  29KB
- MD5
  
  64321f9e601651cb623e63d67de6c984
- SHA1
  
  ee256081c8dff963701a45b9803d9f5d9e6638ec
- SHA256
  
  b016e0fb93032d4ab6f2fb2ec6388e3117442d836bed2fe38ae8b73d7b825c5e
- SHA512
  
  ffe04da002f901fec52bdaa61dbd5dfdfa87d1a3ce53a4941afda008dcd726ceea054b2ef188d6f36ab4691b1fa02c5589aafe118ded0360e5daa4fe98903d3f
- SSDEEP
  
  768:V+B+s0uolsCDihqa1aSoQuSPNaiho9W1aSoQuSP/N:VW0uolHDi/oL7SPNaiEWoL7SP/N
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  home/maciek/mimikatz/x64/mimidrv.sys
- Size
  
  36KB
- MD5
  
  c94de9019767a79573b25c870936d9a8
- SHA1
  
  c66a1c6fbeacaf2db288bff8c064dfe775fd1508
- SHA256
  
  bee3d0ac0967389571ea8e3a8c0502306b3dbf009e8155f00a2829417ac079fc
- SHA512
  
  e8b712a0b0b65520ec17e5576fe1c7c61a2a2a13502f9626625ef4b988b84178f68c0ca2337e2d766e42c19a681a7df41de3faef950ab0698139b89463ec2031
- SSDEEP
  
  768:APVvAF3Sz0Kp4TC/ndBW8ipSfnA+vl1qlCGB8zlu0xVHZC5isB:0VvPz0K3AmDlQlHB8zl9xJwisB
Score

10^/10

mimikatz
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
behavioral11 behavioral12
- Target
  
  home/maciek/mimikatz/x64/mimikatz.exe
- Size
  
  1.3MB
- MD5
  
  bb8bdb3e8c92e97e2f63626bc3b254c4
- SHA1
  
  70df765f554ed7392200422c18776b8992c09231
- SHA256
  
  912018ab3c6b16b39ee84f17745ff0c80a33cee241013ec35d0281e40c0658d9
- SHA512
  
  70dfa09a152a76b276b04d1ec1276b9e7d7659ff7578a016634c8f396e0ae22b1d9fad7742c98014752c0c7a02a66faa5c83d8b652e76d318401987fd3eb2880
- SSDEEP
  
  24576:APOLHP7+a2HVvM0UyYG7SbQbcaXjn4Gy5+aYoNEVJEjA3e:APO/4UgOLaz4FQdoNEVmMe
Score

1^/10
behavioral13 behavioral14
- Target
  
  home/maciek/mimikatz/x64/mimilib.dll
- Size
  
  56KB
- MD5
  
  ddfad0d55be70acdfea36acf28d418b3
- SHA1
  
  b82787dc098eefa8bf917f76cfb294ac3f8349f0
- SHA256
  
  d9770865ea739a8f1702a2651538f4f4de2d92888d188d8ace2c79936f9c2688
- SHA512
  
  887119b149e8df180c395251d2b95be4281f04964074b75d91e4024d3c99b1f5cea4e282ed5597500d8a7e202621d0f6696a6fc1178d110db21659b558fe927a
- SSDEEP
  
  1536:LU+LuaaQkFkTn5b7sFhWSejil3UiRoL7SPliuoL7SPA:LFuaGkTn5b7s/WSejilki6fSPliNfSPA
Score

1^/10
behavioral15 behavioral16
- Target
  
  home/maciek/mimikatz/x64/mimispool.dll
- Size
  
  30KB
- MD5
  
  a03b57cc0103316e974bbb0f159f78f6
- SHA1
  
  9138f91847f3d0fde8853490aa2155edf1567f0b
- SHA256
  
  96632f716df30af567da00d3624e245d162d0a05ac4b4e7cbadf63f04ca8d3da
- SHA512
  
  508fd93c790385f0a4c18f7f5dd08112878ef22df2b07dca14c05b724918c8781115893d6a2b515283f51e8ba85bfc85b60dc0d41a61fe510a791727ec58f402
- SSDEEP
  
  768:axgWFln5B0uolsN8ihzg1aSoQuSPA7ih01aSoQuSPwj:ax1p0uolo8itgoL7SPA7iqoL7SPG
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18