MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62b14085994023f524c75bb0078c9bb78c5b0e5d82364b87ca7530c041f0ec5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MimiKatz

Vendor detections: 11

Intelligence 11 IOCs YARA 3 File information Comments

SHA256 hash:	62b14085994023f524c75bb0078c9bb78c5b0e5d82364b87ca7530c041f0ec5d
SHA3-384 hash:	9acca2ed4a53c63e725bc211187e68bcf4594fc99010cc0feda8dcc30c537356e1a77e9b3a957497609bb4b189851a44
SHA1 hash:	760f0374b41424e1cbe33c4fb75f18e9fd082707
MD5 hash:	6bf405634e4a233e3abe938673ecfceb
humanhash:	bluebird-pip-yankee-freddie
File name:	“一区”博彩女推广在“菲”被关小黑屋遭电击捆绑轮奸视频.com
Download:	download sample
Signature	MimiKatz Create hunting rule
File size:	3'681'280 bytes
First seen:	2021-11-23 23:54:51 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	02dd79a7f977f73635dad5ad559c1d6b (1 x MimiKatz)
ssdeep	24576:bAX+ogpw/O1yKYcQXYhpQAvdjeTAbwW/tCTEWChPGKb:OWAYJjeTIqToZ
Threatray	66 similar samples on MalwareBazaar
TLSH	T14E068C591BA74291DB55377ACCB6A69009590F632F28C0B56E300D1EBD2724EFC23EBD
File icon (PE):
dhash icon	71b119dcce576333 (3'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT)
Reporter	Anonymous
Tags:	exe mimikatz test

Anonymous

this malware sample is very nasty!

Intelligence

File Origin

# of uploads :

# of downloads :

274

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

“一区”博彩女推广在“菲”被关小黑屋遭电击捆绑轮奸视频.com

Verdict:

Suspicious activity

Analysis date:

2021-11-23 23:58:16 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9a2e360b-3efc-4613-b567-977021fde8f4

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Gathering data

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Сreating synchronization primitives

Creating a window

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug anti-vm greyware keylogger overlay packed

Link:

https://www.filescan.io/uploads/619d7f59b71ceed4152dada5/reports/8f967d40-8585-44b0-bc79-0cc2a15fd9fe/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/166589da-e48a-4e32-9e4d-10ca13afc739

Result

Threat name:

Mimikatz

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/895106

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Connects to many ports of the same IP (likely port scanning)

Contains functionality to capture and log keystrokes

Contains functionality to detect sleep reduction / modifications

Creates an autostart registry key pointing to binary in C:\Windows

Drops executables to the windows directory (C:\Windows) and starts them

Machine Learning detection for dropped file

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Yara detected Mimikatz

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/62b14085994023f524c75bb0078c9bb78c5b0e5d82364b87ca7530c041f0ec5d/

Threat name:

Win32.Trojan.TrickBot

Status:

Malicious

First seen:

2021-11-23 23:55:22 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 28 (85.71%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=mkyubbmziar7kjghloyapde3w6gfwds5qi3exb6kouymaqpq5roq._file

Verdict:

malicious

MimiKatz

5d6231c525666c6204815f4d1447bbad850bed0450c313bdf5a47612271fa539

MimiKatz

5f90cb5229a6fbb6c8b8c1ec159b60bf6ad2cccaf1bdc59788caf8942ebb2785

MimiKatz

640ea5a2c4ea4a2d1a5018f446c0b722407e21f2ec5b81ce2986c037e3f11a09

MimiKatz

aac80ffbaf23f57ae1bc9788b311773ddccacd0838094345f179b777d5d793af

MimiKatz

af46e5160e837fafd904b62bd81795beefa95ec11d854cedee7565a991210d87

MimiKatz

e0fd6936be4f84e23d88b226280773d0554ef33927e0878a812d1755b8c4bfa2

MimiKatz

eb6478f051ae5b16921ed95f6a2f761512c79787ac2b54f0d00742ad526c34b8

MimiKatz

f76115cf6e126f5de1f9013a3f62295ef5100a3dda02a3af4a457eccf5793af1

MimiKatz

+ 56 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

persistence

Link:

https://tria.ge/reports/211123-3yffesbehk/

Behaviour

Suspicious use of SetWindowsHookEx

Adds Run key to start application

Unpacked files

SH256 hash:

b2a3ea6f79a2d7c8d7a111f8d6151a666822afbc95089b15ea5ca3b04d588b60

MD5 hash:

ab07d9637b29946cb5e1dc9b3cd936fd

SHA1 hash:

a197ec1378968db64a8668575fff658681d1d336

Link:

https://www.unpac.me/results/22e1408f-84a0-4307-957f-709c7a7524b1/

SH256 hash:

62b14085994023f524c75bb0078c9bb78c5b0e5d82364b87ca7530c041f0ec5d

MD5 hash:

6bf405634e4a233e3abe938673ecfceb

SHA1 hash:

760f0374b41424e1cbe33c4fb75f18e9fd082707

Link:

https://www.unpac.me/results/22e1408f-84a0-4307-957f-709c7a7524b1/

Malware family:

Mimikatz

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/62b140859940/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.35

Link:

https://yomi.yoroi.company/submissions/62b14085994023f524c75bb0078c9bb78c5b0e5d82364b87ca7530c041f0ec5d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.