MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84e68f7ad4f2b88c7a6af7680dbd8d7d0e7136009336f3c0c7948c8012ce7eff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MimiKatz

Vendor detections: 16

Intelligence 16 IOCs YARA 47 File information Comments

SHA256 hash:	84e68f7ad4f2b88c7a6af7680dbd8d7d0e7136009336f3c0c7948c8012ce7eff
SHA3-384 hash:	88dafc665de71553052f695adef7666ab65c00424f0837d3dac406f8e166fd2b8ba7307678f1021239c4f15bf32810f2
SHA1 hash:	9b8e47639f8f63ce0e2aff710c8d68b92a49d35d
MD5 hash:	450769b8ae91b551ce93c36195fd1eb4
humanhash:	maryland-south-three-alanine
File name:	fbX0s.exe
Download:	download sample
Signature	MimiKatz Create hunting rule
File size:	3'396'608 bytes
First seen:	2025-08-06 06:22:01 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	d42595b695fc008ef2c56aabd8efd68e (113 x Vidar, 92 x Rhadamanthys, 47 x Stealc)
ssdeep	49152:30PlnGR6b/2rNJemCRLxtJcQtaUIVOghp2g9+3hECB0Z:30jjztJv4Og8hHaZ
Threatray	14 similar samples on MalwareBazaar
TLSH	T1E7F58D17FCA128B6D1AAB23189669152BA717C483B3233D33F50B7782F72BD059B9714
TrID	44.4% (.EXE) Win64 Executable (generic) (10522/11/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika	pebin
Reporter	kafan_shengui
Tags:	exe mimikatz

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

mimikatz

ID:

File name:

http://bashupload.com/MF8cF/fbX0s.exe

Verdict:

Malicious activity

Analysis date:

2025-08-05 13:32:47 UTC

Tags:

mimikatz tools golang

Link:

https://app.any.run/tasks/aac585b6-b1c2-48fb-9bd3-03db168b054b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Mimikatz

Link:

https://www.capesandbox.com/analysis/19129/

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6892f49511d7f9b979e5f337

Tags:

mimikatz emotet

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-vm base64 crypto expand golang lolbin packed threat

Link:

https://www.filescan.io/uploads/6892f4ae9ef4d2ff7ced644d/reports/0f9c4c94-0b4c-4a98-aa08-037c64a08fa3/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/84e68f7ad4f2b88c7a6af7680dbd8d7d0e7136009336f3c0c7948c8012ce7eff

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/9f39fb52-7cdc-4035-8c0f-0736df3af086

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/84e68f7ad4f2b88c7a6af7680dbd8d7d0e7136009336f3c0c7948c8012ce7eff

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) Win 64 Exe x64

Link:

https://app.malva.re/file/450769b8ae91b551ce93c36195fd1eb4

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/84e68f7ad4f2b88c7a6af7680dbd8d7d0e7136009336f3c0c7948c8012ce7eff/

Verdict:

Malicious

Threat:

Trojan.Win64.PSIBitsRRD

Link:

https://tip.neiki.dev/file/84e68f7ad4f2b88c7a6af7680dbd8d7d0e7136009336f3c0c7948c8012ce7eff

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2025-08-05 17:11:27 UTC

File Type:

PE+ (Exe)

AV detection:

12 of 24 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qtti66wu6k4iy6tk65ua3pmnpuhhcnqasm3phqghssgiaewop37q._file

Verdict:

malicious

Label(s):

mimikatz

MimiKatz

5ea61a39ffd3f7b295a5dbb84f1d7dff63bf7b72e0c072ea15f0ac0e434012f4

MimiKatz

84e68f7ad4f2b88c7a6af7680dbd8d7d0e7136009336f3c0c7948c8012ce7eff

MimiKatz

cb1553a3c88817e4cc774a5a93f9158f6785bd3815447d04b6c3f4c2c4b21ed7

MimiKatz

d55c12594e0814ae3e2730ccd38bc61f3e2ce948911be016f6119cfab8397c30

MimiKatz

da22c3632239f33fc51ca0b7617c606d60f3b1dd3a225b01febed0602553fe15

MimiKatz

ebce499de915d8837bdbd47be0ac19cd6382d52904951fac75484947dfd88aab

MimiKatz

error

MimiKatz

+ 4 additional samples on MalwareBazaar

Result

Malware family:

mimikatz

Score:

10/10

Tags:

family:mimikatz

Link:

https://tria.ge/reports/250806-g48hhadq3s/

Behaviour

mimikatz is an open source tool to dump credentials on Windows

Mimikatz

Mimikatz family

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/7df6a1c1-bd57-4e6b-8922-7ff2f78146b9

Unpacked files

SH256 hash:

84e68f7ad4f2b88c7a6af7680dbd8d7d0e7136009336f3c0c7948c8012ce7eff

MD5 hash:

450769b8ae91b551ce93c36195fd1eb4

SHA1 hash:

9b8e47639f8f63ce0e2aff710c8d68b92a49d35d

Link:

https://www.unpac.me/results/2d20485c-3ee0-4b29-880c-c242fb658799/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.98

Link:

https://yomi.yoroi.company/submissions/84e68f7ad4f2b88c7a6af7680dbd8d7d0e7136009336f3c0c7948c8012ce7eff

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Check_OutputDebugStringA_iat Create hunting rule

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries

Rule name:	Detect_Go_GOMAXPROCS Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata

Rule name:	dgaagas Create hunting rule
Author:	Harshit
Description:	Uses certutil.exe to download a file named test.txt

Rule name:	GoBinTest Create hunting rule

Rule name:	golang Create hunting rule

Rule name:	Golangmalware Create hunting rule
Author:	Dhanunjaya
Description:	Malware in Golang

Rule name:	golang_binary_string Create hunting rule
Description:	Golang strings present

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	golang_duffcopy_amd64 Create hunting rule

Rule name:	HiveRansomware Create hunting rule
Author:	Dhanunjaya
Description:	Yara Rule To Detect Hive V4 Ransomware

Rule name:	HKTL_mimikatz_icon Create hunting rule
Author:	Arnim Rupp
Description:	Detects mimikatz icon in PE file
Reference:	https://blog.gentilkiwi.com/mimikatz

Rule name:	HKTL_Mimikatz_SkeletonKey_in_memory_Aug20_1 Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects Mimikatz SkeletonKey in Memory
Reference:	https://twitter.com/sbousseaden/status/1292143504131600384?s=12

Rule name:	HKTL_Mimikatz_SkeletonKey_in_memory_Aug20_1_RID3752 Create hunting rule
Author:	Florian Roth
Description:	Detects Mimikatz SkeletonKey in Memory
Reference:	https://twitter.com/sbousseaden/status/1292143504131600384?s=12

Rule name:	identity_golang Create hunting rule
Author:	Eric Yocam
Description:	find Golang malware

Rule name:	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore Create hunting rule
Author:	ditekSHen
Description:	Detects executables containing SQL queries to confidential data stores. Observed in infostealers

Rule name:	INDICATOR_TOOL_PWS_Mimikatz Create hunting rule
Author:	ditekSHen
Description:	Detects Mimikatz

Rule name:	mimikatz Create hunting rule
Author:	Benjamin DELPY (gentilkiwi)
Description:	mimikatz

Rule name:	Mimikatz_Generic Create hunting rule
Author:	Still
Description:	attempts to match all variants of Mimikatz

Rule name:	Mimikatz_Gen_Strings Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects Mimikatz by using some special strings
Reference:	Internal Research

Rule name:	Mimikatz_Gen_Strings_RID2F19 Create hunting rule
Author:	Florian Roth
Description:	Detects Mimikatz by using some special strings
Reference:	Internal Research

Rule name:	mimikatz_kiwikey Create hunting rule
Author:	SBousseaden
Description:	hunt for default mimikatz kiwikey

Rule name:	mimikatz_memssp_hookfn Create hunting rule
Author:	SBousseaden
Description:	hunt for default mimikatz memssp module both ondisk and in memory artifacts

Rule name:	Mimikatz_Samples_2014b_Family_2 Create hunting rule
Author:	Florian Roth with the help of YarGen Rule Generator
Description:	Mimikatz pwassword dumper samples from the second half of 2014

Rule name:	Mimikatz_Strings Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects Mimikatz strings
Reference:	not set

Rule name:	Mimikatz_Strings_RID2DA0 Create hunting rule
Author:	Florian Roth
Description:	Detects Mimikatz strings
Reference:	not set

Rule name:	Powerkatz_DLL_Generic Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects Powerkatz - a Mimikatz version prepared to run in memory via Powershell (overlap with other Mimikatz versions is possible)
Reference:	PowerKatz Analysis

Rule name:	Powerkatz_DLL_Generic_RID2F2F Create hunting rule
Author:	Florian Roth
Description:	Detects Powerkatz - a Mimikatz version prepared to run in memory via Powershell (overlap with other Mimikatz versions is possible)
Reference:	PowerKatz Analysis

Rule name:	ProgramLanguage_Golang Create hunting rule
Author:	albertzsigovits
Description:	Application written in Golang programming language

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	Windows_Hacktool_Mimikatz_1388212a Create hunting rule

Rule name:	Windows_Hacktool_Mimikatz_674fd079 Create hunting rule
Description:	Detection for default mimikatz memssp module

Rule name:	win_mimikatz_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.mimikatz.

Rule name:	win_mimikatz_w0 Create hunting rule
Author:	Benjamin DELPY (gentilkiwi)
Description:	mimikatz

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/19129/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample