mimikatz | 3455e87c6d375b52441e43341b3880c34b8904d8026a4df96eb273aae5e97c08

Resubmissions

09-02-2025 05:32

250209-f8mk6ayjcp 10

09-02-2025 05:31

250209-f72zfswrfz 10

09-02-2025 05:28

250209-f6gl5awrct 10

Sharing

Copy URL

Twitter E-mail

General

Target

arsenal-kit20230919-zh-CN.tar
Size

6.8MB
Sample

250209-f6gl5awrct
MD5

ca2a5bdff580b00582698b5bb0cacdb1
SHA1

ce5938166f8f31d4efe922a46e887c3e02ea43b8
SHA256

3455e87c6d375b52441e43341b3880c34b8904d8026a4df96eb273aae5e97c08
SHA512

263cf6fa889c81e053483c008c609c00bd1400d0f5674ba5b9695dad68d444ac50cce8e9b8ed21dbd0b2b5b4aebbb08ba28fc9ab1f39376f40d0f91641f41fbb
SSDEEP

49152:LCEzQi/qE37M4bVrV7/4s9R/FhdotBj4p5kU359UKnVTOm0KDaHsSvU2DXeiqt5N:Ln3JiAvmDEPP0YaVyRLlYbmlDt

Score

10^/10

Malware Config

Targets

- Target
  
  arsenal-kit20230919-zh-CN/build_arsenal_kit.sh
- Size
  
  5KB
- MD5
  
  fc74972f39293664c3c1746c37ed4e25
- SHA1
  
  770421189ad3cfb9ba2a733ca6af9ebd21aef6e9
- SHA256
  
  371080f6247c2b9743c4828abc5ed64734b6a4e5930e5dbc885710774fab0ad7
- SHA512
  
  1e9540223756288ae84bf8063d48d21c18f66b116ab6af0937f66e9f880419ccee141c6b9a026fb764b9d74f63860df245b202621157e480fd68358c24944ad7
- SSDEEP
  
  96:vMdTc1ieDQr/HNJIvnezOyWo7lrOpHtD786EI8rBH8zIx+8vWm8khImw8a24:vMVc1B0Lt4eyyWo5rODwbpxy8IA4
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral1
- Target
  
  arsenal-kit20230919-zh-CN/kits/artifact/build.sh
- Size
  
  11KB
- MD5
  
  1ca0b41a49465cb7e2b09dc77f696493
- SHA1
  
  a0796a6e95ea2eddf2827615dbd562630eb3a86e
- SHA256
  
  426227c431c1b2d9c3611d6bd2c40dbc51d86742d6606284c63e1331d764306c
- SHA512
  
  323ae3cce41cf78f5e6f6c6ad3a1f66dca2152c81bf193487859c334f190c6a782f91927a8fb68f0ac1d9d6570b4d6a1d7139ff575d2ef70c46a0c6ebc1f8e1a
- SSDEEP
  
  192:KziEPZN+jqgjugjukjQPQkzwrv+3ELTg2FjI+9g:KjO/tdaeFra
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral2
- Target
  
  arsenal-kit20230919-zh-CN/kits/mimikatz/build.sh
- Size
  
  1KB
- MD5
  
  5b666ac7a01ca8eb29c17aba7f8f888d
- SHA1
  
  673df941d3b971aed6bc0fbb2838635fa5f92661
- SHA256
  
  0899cc580588d222492e818cfdc440a7ab11eab169e9fd17ba8f95670cd47c0c
- SHA512
  
  62b5e65fb7fca0baec34e582970f2c3b738552bcc9a1fe4c9d6a03ec77a9a618274bee693bac24797b54bb0c287aff2fabefe4deedef61b90363be8a39d80b7d
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral3
- Target
  
  arsenal-kit20230919-zh-CN/kits/mimikatz/mimikatz-chrome.x64.dll
- Size
  
  755KB
- MD5
  
  b7a9fd5f3d601dc82c174f1dafac5799
- SHA1
  
  bb9a0a9d7e55956a6d329ceb9c55a6bb9fa8b671
- SHA256
  
  a384d3574295d3f2763630a3d6643d6f759d45d4e10deb3a73d76a711145903b
- SHA512
  
  7dffc525ab1de207a7ae1528dd0271445e8d747c06edec6b9a330aa5bc4a98556ca89d0caffb1d757d9b25d9da1f7083d46b13971535bb7de44ae9ed9db8d4b8
- SSDEEP
  
  12288:6pqa+BSpgo7ttLU5/qlPiHe1euStur4mHC3d3X:6pq7SqoZtg/qFiHqe7M4mO
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral4
- Target
  
  arsenal-kit20230919-zh-CN/kits/mimikatz/mimikatz-chrome.x86.dll
- Size
  
  623KB
- MD5
  
  c944bbd13ac4904fb3b31c3e2f2b27d0
- SHA1
  
  d2e6d62a0a13acd547595f6fa27a3fde96c68c15
- SHA256
  
  a33eb47904d7a3b0949d79c3a6051e28e171315082eb896e6b9c688922311c7a
- SHA512
  
  bc7b278710393f9023b98a02749e0561784784c2a329e87cd2a0dabfc9e5c2a9f77418af2701d1f7844df7795422810f47fab479fbed64ca19010110ec9d9d36
- SSDEEP
  
  12288:qmy/sRoFPtR64fVYapNN+DI4dS+1Ob9RtxFrdi4TdNwlyo2VODETcL9hR:q3/PFPtR6YVYaXP4E+0b9R/FhdKF20wO
Score

3^/10

discovery
behavioral5
- Target
  
  arsenal-kit20230919-zh-CN/kits/mimikatz/mimikatz-full.x64.dll
- Size
  
  794KB
- MD5
  
  4731f876ba17d82c40c1eed6f597f01b
- SHA1
  
  c725f30a87b933f88dc67be5f6f0ef45f706ed50
- SHA256
  
  4d2e1030fd2e16680f6dbfc630f4fd4180df10131fe25d5826f36bae9619a1f3
- SHA512
  
  b9739e0909220df5c22be2c4d7c6c96fcec2d961dcb1e8ecbfff6477bd1dfd84b77bb603fb41926bb842e418268912dfe08a44b2759db2a1dcfdab8d54d73739
- SSDEEP
  
  12288:t7dTlpmkvMUAbasJU9obUszuhGhF7xYznVemd5vVAobOm:ddTlp5kU3su9ow4KnVhntAqOm
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral6
- Target
  
  arsenal-kit20230919-zh-CN/kits/mimikatz/mimikatz-full.x86.dll
- Size
  
  687KB
- MD5
  
  2137195fbba50f73f0f17693484d451e
- SHA1
  
  006517389486662290918daecacedcaf65a9baa4
- SHA256
  
  9ba86ae2808fe8df76a52001ef765b5ad3216447d0c0148dc719c6b9527c0e2d
- SHA512
  
  d4fd9c156081ebf26ae466bbdf21b7b7f7a0b2f489170a57409eaccf270a3d3b7313f896411d4346e5d01c466bfdcc12e132cf3835efd5aed2fc40139ecba9c0
- SSDEEP
  
  6144:84we2712GJRf9/r3qEVltgK8uFWt3FdW08iXqq49ipmwlXm0S3mnhtXtaY+z4:fweIJRftr3nVMK8pF38gqFimdGfaX4
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral7
- Target
  
  arsenal-kit20230919-zh-CN/kits/mimikatz/mimikatz-max.x64.dll
- Size
  
  1.4MB
- MD5
  
  54dd9c585fee9b75424a1b2fa3584828
- SHA1
  
  f9a73c62d2bda9993f986d2cffd032221a2100ac
- SHA256
  
  8db53b8aefd68e1bf4dfd3fbf65b71cd636fc25c433e42e9d9fed9ca6866905a
- SHA512
  
  466cfd47b99af39fb1b2ad04e052508df563c2742ee4a49e2ac5423d9138d28fc5f07bd7c87e57415345d6fc120f7a81ab7c0bc55a54fa7c0ebcbce61f32d770
- SSDEEP
  
  24576:bBgHR3EXWCdNwPvUlw2oXeiqt5hsWNoikNN0:SHsSvU2DXeiqt5WWqa
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral8
- Target
  
  arsenal-kit20230919-zh-CN/kits/mimikatz/mimikatz-max.x86.dll
- Size
  
  1.1MB
- MD5
  
  564403d232ac0036429252d78345c463
- SHA1
  
  1ee91ad43fdd291c0a4d15603762ffa7f24e9f68
- SHA256
  
  4cee15302a5e78ca9221c1fa2206e7bf97322fdf40580dc2df506901c8ba5c61
- SHA512
  
  908d5b4fbbb58afa50feeafa4b04bb4573db8177d147347d485ce276e79974a9c64e804e2e4811a4a5f39c67380cafb32defe209424e3dacabcb08d7e2065e63
- SSDEEP
  
  24576:9UmExe7s3hUGZ4MSmeD0OkuyhsxxJ3GeBlpg0gyG+:9UBlSMNg0ThsxxJ3zm0
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral9
- Target
  
  arsenal-kit20230919-zh-CN/kits/mimikatz/mimikatz-min.x64.dll
- Size
  
  305KB
- MD5
  
  691d313252b129f6ef9f949cf5aa383d
- SHA1
  
  87e28712a05932a194354d583e3829d49c77231c
- SHA256
  
  d091deec20b2066fb653f1e5d2473b9359852203e41322daa3d584261822d49d
- SHA512
  
  236eedded3e85c1541ce8e766041576908e2db9f1541d982acae688a58dfb262356f27d05f50af3b0526aaa2dcf38c3792943a0c5db2402540a61a237999983e
- SSDEEP
  
  3072:LKyp/Enkyg5+yr9E4C7ax49Ovsi9sARHGQJYGJKDQkRbTKEkfaGFAV6IgmG3FNrc:hp/ooIK2h7q4TAAQWnbTSCGFAlfioM
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral10
- Target
  
  arsenal-kit20230919-zh-CN/kits/mimikatz/mimikatz-min.x86.dll
- Size
  
  270KB
- MD5
  
  ed9fda842eb2549bb6017e69eb3d06ec
- SHA1
  
  242c7354e69527307c29c25f25c44b37ce40dfdf
- SHA256
  
  8ebe20638b2a474870cc0a3a3286ebe6a4b5062e24600ff0ea9de6af16548ee5
- SHA512
  
  43caf63b732338ec77a019e3e0503cafcd619600a277e3266a76305a5e2034969b0c61ae3443ff6260083b6dfbbf3ed69b40964e2975a3bdf64ee758c4314e3d
- SSDEEP
  
  3072:K8X625abdx3v/1TOg8Bb7wZxqjpsBUD65VZEW/ZpdG4E5RhjLsFx593FNb51sBoc:K8rEznxZ8Bwjq0EWhmiH5W6X
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral11
- Target
  
  arsenal-kit20230919-zh-CN/kits/process_inject/build.sh
- Size
  
  1KB
- MD5
  
  e676f30e0e92774ff7e09c85ad2d2385
- SHA1
  
  e5d0b40283b8a6020f1a815b2df619cc26758ebd
- SHA256
  
  c3e10685278a132a4a9d41acc6fe15f44ab0161a187b206147813e4bc296d19e
- SHA512
  
  0c6abc75efabf6c3ca723046742eb072857ed20f81198124ee696bdea190dc3e5835e4ada128e2e3f163bbf6099f52c2cdc74a3cff0235cc4560ea01cfd5ebe8
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral12
- Target
  
  arsenal-kit20230919-zh-CN/kits/resource/build.sh
- Size
  
  1KB
- MD5
  
  27ca947852d22cd90421adab667caf2b
- SHA1
  
  cc55f1192f7de5be4e3e1d32e0278b1c3c18b38e
- SHA256
  
  11b650ad8e4f5387943124c945f2551b81e80fb6139547a501f830cafaa31853
- SHA512
  
  4a395c54bb77f823d121c2ebcd0d30e4e958b7771b776ef985295bda44e1f3fe59c33a3f2cd980308f6abe8bc2ba463d5ecf82a5fee75636b0682b47e5f552ef
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral13
- Target
  
  arsenal-kit20230919-zh-CN/kits/resource/compress.ps1
- Size
  
  205B
- MD5
  
  72680e5390c0066a8f61f02d164e55fe
- SHA1
  
  43c91799701a9d64b3681476da3d04ea8c0ed92e
- SHA256
  
  932dec24b3863584b43caf9bb5d0cfbd7ed1969767d3061a7abdc05d3239ed62
- SHA512
  
  b06a096998f923d659e0f5576e02d07c774c62928a567c1496c64af6bd7e427bc44d38cd678615304d58d529d75f876f9d73ccfecf6a2c3b58cd0c7a2692dca1
Score

8^/10

discovery execution
- Downloads MZ/PE file
behavioral14
- Target
  
  arsenal-kit20230919-zh-CN/kits/resource/template.hint.x64.ps1
- Size
  
  2KB
- MD5
  
  41e41e63f93e914fcdefb83ccd5fbfa3
- SHA1
  
  e9f7d3d9332efb2f2ce23f7696d7915dffae8f78
- SHA256
  
  f30bf12a35ec892d7aeb772b242d6d18b0e22c0f7069c6d5053384e49f41f965
- SHA512
  
  7723c1bbad62a60d5278814b1beb2000612a30cb1b97cbaf1afb4a47eb177312a3e75e8e633758aa2350468f177d1c5cf4ef38a27e2f22b5c3f3a0b38610a599
Score

8^/10

discovery execution
- Downloads MZ/PE file
behavioral15
- Target
  
  arsenal-kit20230919-zh-CN/kits/resource/template.hint.x86.ps1
- Size
  
  2KB
- MD5
  
  3a134acd5408d6b58413b6cf18e06c19
- SHA1
  
  c38deea6b078160cf04ebfa7d4c8536a33c176ec
- SHA256
  
  f8e1bce1f573148dd5f1ffcfd53eaed60180462e66311c86f5ed2be8d52e6857
- SHA512
  
  094171c3ef648dfb2d088e83e729ed8db97ad4836b368b0864f954039f7cebc3b8244f32a5f755477a77f6c9a677d4845a27031b530939a986037f47521716d0
Score

8^/10

discovery execution
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral16
- Target
  
  arsenal-kit20230919-zh-CN/kits/resource/template.py
- Size
  
  635B
- MD5
  
  de5bf12eddc4b86075adb39991ffbade
- SHA1
  
  c29a6663f02c18f43f83d338aaf9592ca46b0aca
- SHA256
  
  d5cb406bee013f51d876da44378c0a89b7b3b800d018527334ea0c5793ea4006
- SHA512
  
  219ace5bc3dffe0dc9bba3dd2f3eb5baa6377ad436e5e0c612ac9e07593d7b5877eb075276b50a6f4355cc8991ee35e49393fd85f30651542ecdc857cee37ec9
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral17
- Target
  
  arsenal-kit20230919-zh-CN/kits/resource/template.vbs
- Size
  
  1017B
- MD5
  
  f339b50dae55e3fe4f84a38246efa4c0
- SHA1
  
  799909bf14ef5f6a12694cbe9fdc3d3874512c44
- SHA256
  
  e0683f953062e63b2aabad7bc6d76a78748504b114329ef8e2ece808b3294135
- SHA512
  
  db1e339e8acdf88602545cf9c71ed8426a5e0fb2ab8aa301d36de046137cf00583d613c84ecf421a20e2ef965b1c92a48bde6cc9b20af1d8c13d7823f8b23418
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral18
- Target
  
  arsenal-kit20230919-zh-CN/kits/resource/template.x64.ps1
- Size
  
  2KB
- MD5
  
  577863c6ca83c9eefed6288531333591
- SHA1
  
  cae24914bcfe6f0cd5da72963b2b9a3a93b38e69
- SHA256
  
  522bb549f46bd31fd5fc9edf6023020f6747a698cc963421768377d34e336081
- SHA512
  
  b67f7185cca10d5045b4588c4873e57992640b73d4930262c4eaf6de985141a395d0ee0755853dcd2ab5f58211c0d55ade037a0f9fba9cc649792ad495720444
Score

8^/10

discovery execution
- Downloads MZ/PE file
behavioral19
- Target
  
  arsenal-kit20230919-zh-CN/kits/resource/template.x86.ps1
- Size
  
  2KB
- MD5
  
  a77c32a3000dc58114d2f338712998c1
- SHA1
  
  ee8dadc4f03f710423ff8db6262791053e8dd885
- SHA256
  
  6476ca1dbcde52e55c1d0712357befe6c1e3a44fe4a723da4db0a26153fccbdb
- SHA512
  
  67ef0e6590666f4cdee0d61ad77b8f5e6f9de7054c8552042a70f4e5deca9e0a15c055809886bf470d91800cfb2aa71f5ff076cd9142f6e833b404c5fb49b295
Score

8^/10

discovery execution
- Downloads MZ/PE file
behavioral20
- Target
  
  arsenal-kit20230919-zh-CN/kits/resource/template.x86.vba
- Size
  
  3KB
- MD5
  
  56159d403306512a479b913cf08668e9
- SHA1
  
  f0b933ff9b9f899f497d7b41979189909b957bd4
- SHA256
  
  7185601133a51c463ca826f730d9b711daabba1328219dc32cd5abdc769e1028
- SHA512
  
  43f5c4829b0d683cdb99ee35b51e58454cc981b8b93392f7d4195e7c20e061ebbfc07502326d595d99cce16600fe4804b09c6fa8eb7b133041203c8381804059
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral21
- Target
  
  arsenal-kit20230919-zh-CN/kits/sleepmask/build.sh
- Size
  
  5KB
- MD5
  
  fd1dc781d78c5faacf0a5e12e4aa981b
- SHA1
  
  5cfad71f8e89c15b15b85a3db1f1090199c3a36e
- SHA256
  
  cf856c556aae2a13c2a38f4e43314bfc6f4be47f032269d537c299ea9cc603e8
- SHA512
  
  4c2bd4f9b722778900314cd431413ed7759a992864e232c6bd02633b8c7a0d2de036adc491a4c1cade98310aae23e1d01500dfdaed1d49c9afb923c6595b9e71
- SSDEEP
  
  96:zn3maE3Zo3xdC3Yns3acE3I3VG3M5o9HDNEf15DbKU9OF+r:DdKbG9Jf8OUr
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral22
- Target
  
  arsenal-kit20230919-zh-CN/kits/udrl-vs/udrl.py
- Size
  
  8KB
- MD5
  
  9371736d30b2c8235ff7759edc7771c2
- SHA1
  
  180e300cceaf4b4238f6174dac2f96a69dc83846
- SHA256
  
  3683f6c09b25ca665069b31c9ed5a4f34d54783b2b491f02b340aa571d89495f
- SHA512
  
  3a6bff946f27c9dd87d33f2dd1aaef22597669ee43700896ad7c82e31121fb02d1a0f4cf22260e7f22fbd28c9eb2a84707758f3d4d6e24bc06bcd6b42486f1d8
- SSDEEP
  
  192:PPKhr2fHm+6IUV71V3oEcwv78y/aHypPVZ3lNi:PPKhSfG+6XxV4EcI78y/aUtZ3lk
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral23
- Target
  
  arsenal-kit20230919-zh-CN/kits/udrl/build.sh
- Size
  
  2KB
- MD5
  
  b4083570650c683f166f9ab43646767d
- SHA1
  
  aa1edc2b7e27eaa329a19eb03e7aed4b3b43fc7e
- SHA256
  
  f8fc78c9f40264d864259cc4df9f536ae6fa01921041cea528f7ef0c0b383248
- SHA512
  
  5ef333caaeacd56bf998b9fcb97d375b6393339b4561ff078352889c48f8d688197d14934e6c205c7f7f7105e5802c9a8e3ce040a79298f4cd93d02c541369be
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Executes dropped EXE

Checks installed software on the system

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Downloads MZ/PE file

Downloads MZ/PE file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24