MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1dbdc397481611fefba4b8a8291c7613a7c01de2ba1919299540d3eb40d52e80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MimiKatz


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1dbdc397481611fefba4b8a8291c7613a7c01de2ba1919299540d3eb40d52e80
SHA3-384 hash: fed0d6afaf4df2420e0f65272ce8ca210823181d399e38c364dc32c43ba2ed0e44b3e653e1cf4c4b6b101ae3a9a1bf6e
SHA1 hash: 0ffc77ca78c4227704779d43ea0ac73a777b90b1
MD5 hash: 4f8f000a03f55beba479986a1bfb4a54
humanhash: finch-carbon-asparagus-summer
File name:【早 中 晚维护客户秘诀话术】.com
Download: download sample
Signature MimiKatz
Create hunting rule
File size:1'503'232 bytes
First seen:2021-11-11 17:19:25 UTC
Last seen:2021-11-11 17:21:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e58aac529a425209b5e20d1a70512a22 (1 x MimiKatz)
ssdeep 24576:DodMLvEpB/VnJK8NAQyT7WtqlctqLo5G9m/PpLgjTFEqNTHo2oOHJzNv:DLMPVJvyTRlWqLH43pLOEqNTfoOHNR
Threatray 123 similar samples on MalwareBazaar
TLSH T17565CF16B2B282F2CD89257018665F3AF7F597030A21D693E7B7DDB53C22380F726259
File icon (PE):PE icon
dhash icon 71b119dcce576333 (3'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT)
Reporter ActorExpose
Tags:exe mimikatz

Intelligence

File Origin
# of uploads :
4
# of downloads :
199
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/205095/
Detection(s):
Win.Malware.Gotango-7000352-0
Create hunting rule

Win.Malware.Agen-7172367-0
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware icedid keylogger packed
Link:
https://www.filescan.io/uploads/618d50c7a00afa9663a43286/reports/bfdd779d-863b-4397-99b1-0e89e22d2a1f/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Hidden Rootkit
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b76164c4-b945-4525-9f27-14353b1fde58
Result
Threat name:
Mimikatz
Create hunting rule
Detection:
malicious
Classification:
bank.troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/887641
Signature
Checks if browser processes are running
Contains functionality to capture and log keystrokes
Contains functionality to detect sleep reduction / modifications
Contains functionality to inject code into remote processes
Drops PE files to the document folder of the user
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Performs DNS queries to domains with low reputation
Yara detected Mimikatz
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1dbdc397481611fefba4b8a8291c7613a7c01de2ba1919299540d3eb40d52e80/
Threat name:
Win32.PUA.FlyStudio
Create hunting rule
Status:
Malicious
First seen:
2021-11-11 17:20:07 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dw64hf2icyi7565excucshdwcot4ahpcximrskmvidj6wqgvf2aa._file
Verdict:
malicious
Similar samples:
10835966177c277d70fae42109ddacccea06ab0c576709e9a68ec768840882ae
MimiKatz
1948cbc56b010af69cab63977edb0dfb76de1520291fd9eac8777a887f006adc
MimiKatz
4bb4435958fa48762b34905fc5ac50c78878eccb33252f72cb037d664cb60fc9
MimiKatz
56133c0d017af35f49253926e3583cf72c36146ab7faa65b6058971685166652
MimiKatz
75b388003cc32b680abc3d9b41bc6c435af723de235eaab36a323fddcb906f62
MimiKatz
79570a16122dfc2492b9d618b40939fc91f46f9afe1664d1fd479cd54d7fb4f1
MimiKatz
799b7395c9f279d8cd1cd24657788ecb37db7ae03c0dddeb3344a95a551d1325
MimiKatz
82385c5627675bb1a2f760238c766d1b8d3c31e109e067334959c084d62e5d55
MimiKatz
94b85015bb3beb57e1810aec53712b8158fa10e3a970b0ee65484be34b3073cd
MimiKatz
a578e71d04eae80004ab431497c95fb9779a95dc7f0c60996c24c1cb7139745d
MimiKatz
+ 113 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence upx
Link:
https://tria.ge/reports/211111-vwe3wabgd3/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in System32 directory
Suspicious use of SetThreadContext
Adds Run key to start application
Enumerates connected drives
Executes dropped EXE
UPX packed file
Unpacked files
SH256 hash:
1dbdc397481611fefba4b8a8291c7613a7c01de2ba1919299540d3eb40d52e80
MD5 hash:
4f8f000a03f55beba479986a1bfb4a54
SHA1 hash:
0ffc77ca78c4227704779d43ea0ac73a777b90b1
Link:
https://www.unpac.me/results/91363655-2be0-4a92-a930-0624e9051051/
Malware family:
Mimikatz
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/1dbdc3974816/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.68
Link:
https://yomi.yoroi.company/submissions/1dbdc397481611fefba4b8a8291c7613a7c01de2ba1919299540d3eb40d52e80

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/205095/

Comments