mimikatz | 0ac6d0b7bdd7d04d06f5229fa53d8ddb0ad7b010a318cc14c59d79828b12826d | Triage

Sharing

General

Target

efab2072095d507acf7eebe1d8e2641d741e62688edd926cf1a52c8899bb5b66.zip
Size

290KB
Sample

250210-tthwbaxjgl
MD5

4c536dc66a1af42d74be633e71a68000
SHA1

c7452ea2aa3431c905e8beaa57b265ab70b6c873
SHA256

0ac6d0b7bdd7d04d06f5229fa53d8ddb0ad7b010a318cc14c59d79828b12826d
SHA512

afd4aa55089bac6dfd2b99631869b2d5b0b56ffeae8e37ee0daca1acf3afa815c80d062f2687683d5a6454239dd26e3963ac4e579423348e2f7fbcb43397dea0
SSDEEP

6144:vJO2rt+1Plk8DZSFeYpjQjnNJWdvNQbjRKBGneA4TP2:vU2rtOO8DZH4jQBGvNsjRKBerR

Score

10^/10

mimikatz defense_evasion discovery privilege_escalation

Malware Config

Targets

- Target
  
  efab2072095d507acf7eebe1d8e2641d741e62688edd926cf1a52c8899bb5b66.exe
- Size
  
  400KB
- MD5
  
  52d843d99b8783b0eda83ec6a35cc37a
- SHA1
  
  40bc79ac3ff1ac7b533c92a9991d528790fb06fd
- SHA256
  
  efab2072095d507acf7eebe1d8e2641d741e62688edd926cf1a52c8899bb5b66
- SHA512
  
  fb5c4ae50c111ed507cae077867cf94a4a9f571dc3a5fdea99a63a8daa92096028d848c9a36c5fcb8f2cb3a9478eb45866757bfbab2f56e5e255a95710c243eb
- SSDEEP
  
  12288:I/XEXxg5SJgzF9X+t4Uq9TUVAO/b2G5jNhZ1L:I/XEXjJSFHUKat/TNpL
Score

10^/10

mimikatz defense_evasion discovery privilege_escalation
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Access Token Manipulation

Create Process with Token

Defense Evasion

Access Token Manipulation

Create Process with Token

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mimikatzdefense_evasiondiscoveryprivilege_escalation

behavioral2

mimikatzdefense_evasiondiscoveryprivilege_escalation