MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c4d52717bfd4ec045a8fd37e819f92f695c962968d026c5172685c7b4cbba3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MimiKatz


Vendor detections: 8


Intelligence 8 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1c4d52717bfd4ec045a8fd37e819f92f695c962968d026c5172685c7b4cbba3d
SHA3-384 hash: 04170d78a5fdb63636ef43c2fcece2196f6b1887e75a1236883720312878c021d2ae7f7023cebdf70a358bdb12f6f393
SHA1 hash: e6e12fa3e3634ac9014c20a8aacd1d8feb194ae9
MD5 hash: 8ba8b5ebbd52278939f10854d32bf7f3
humanhash: lion-ack-speaker-minnesota
File name:“杀猪盘”女员工惨遭高管鸡奸后卖到灯红酒绿.com
Download: download sample
Signature MimiKatz
Create hunting rule
File size:3'096'576 bytes
First seen:2021-11-11 17:18:58 UTC
Last seen:2021-11-11 18:56:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e99e8b2f0f54fa66ece655ef8ef93ecc (1 x MimiKatz)
ssdeep 49152:fiWAYJjeTIqToZ7ZVMCuK4rbNLQxRBt5SlQHHovoTirS4AwNS3uAxSdQMRLeLl:6WA8youVFcogTirCVeAxSdQMRLeL
Threatray 61 similar samples on MalwareBazaar
TLSH T181E5F4152B964264E3A63775CD75A66449296F230F69C0BB1E304C0E7D2268EFC23F7E
Reporter ActorExpose
Tags:exe mimikatz

Intelligence

File Origin
# of uploads :
4
# of downloads :
196
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/205093/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader43.62753.20805.16337.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware icedid keylogger packed
Link:
https://www.filescan.io/uploads/618d5088a00afa9663a43241/reports/fabd6711-fc33-446e-9a24-feddd929c9df/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/bced2f39-ae45-4cff-bdd7-838206af48e7
Result
Threat name:
Mimikatz
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/887643
Signature
Connects to many ports of the same IP (likely port scanning)
Contains functionality to capture and log keystrokes
Contains functionality to detect sleep reduction / modifications
Creates an autostart registry key pointing to binary in C:\Windows
Drops executables to the windows directory (C:\Windows) and starts them
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Mimikatz
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1c4d52717bfd4ec045a8fd37e819f92f695c962968d026c5172685c7b4cbba3d/
Threat name:
Win32.Trojan.TrickBot
Create hunting rule
Status:
Malicious
First seen:
2021-11-10 19:47:00 UTC
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
389ddb82e254c476a6e3e2534182314d4702ce525371c2bcd5da6ef19d4851fb
MimiKatz
4985cc63bd295199512f828ac8273951f5ca9b53eac2715b0133a7193c11ea59
MimiKatz
5f90cb5229a6fbb6c8b8c1ec159b60bf6ad2cccaf1bdc59788caf8942ebb2785
MimiKatz
640ea5a2c4ea4a2d1a5018f446c0b722407e21f2ec5b81ce2986c037e3f11a09
MimiKatz
aac80ffbaf23f57ae1bc9788b311773ddccacd0838094345f179b777d5d793af
MimiKatz
e0fd6936be4f84e23d88b226280773d0554ef33927e0878a812d1755b8c4bfa2
MimiKatz
ea45f9b3dd2e613bb9cb0659dcf6d66ca092738fc510e37226bb99542ad685c8
MimiKatz
eb6478f051ae5b16921ed95f6a2f761512c79787ac2b54f0d00742ad526c34b8
MimiKatz
f76115cf6e126f5de1f9013a3f62295ef5100a3dda02a3af4a457eccf5793af1
MimiKatz
+ 51 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/211111-vvt6eabgd2/
Behaviour
Suspicious use of SetWindowsHookEx
Adds Run key to start application
Unpacked files
SH256 hash:
b2a3ea6f79a2d7c8d7a111f8d6151a666822afbc95089b15ea5ca3b04d588b60
MD5 hash:
ab07d9637b29946cb5e1dc9b3cd936fd
SHA1 hash:
a197ec1378968db64a8668575fff658681d1d336
Link:
https://www.unpac.me/results/847b7934-7e5c-4bd0-9f9b-3afa17847bb6/
SH256 hash:
1c4d52717bfd4ec045a8fd37e819f92f695c962968d026c5172685c7b4cbba3d
MD5 hash:
8ba8b5ebbd52278939f10854d32bf7f3
SHA1 hash:
e6e12fa3e3634ac9014c20a8aacd1d8feb194ae9
Link:
https://www.unpac.me/results/847b7934-7e5c-4bd0-9f9b-3afa17847bb6/
Malware family:
Mimikatz
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/1c4d52717bfd/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/1c4d52717bfd4ec045a8fd37e819f92f695c962968d026c5172685c7b4cbba3d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_TOOL_RTK_HiddenRootKit
Create hunting rule
Author:ditekSHen
Description:Detects the Hidden public rootkit
Rule name:Mimikatz_Strings
Create hunting rule
Author:Florian Roth
Description:Detects Mimikatz strings
Reference:not set
Rule name:Mimikatz_Strings_RID2DA0
Create hunting rule
Author:Florian Roth
Description:Detects Mimikatz strings
Reference:not set

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/205093/

Comments