Author: Jay Garcia   
 Modified By:: Mc Justine De Guzman
 PLATFORM:

Windows

 OVER ALL RISK RATING:
 DAMAGE POTENTIAL::
 DISTRIBUTION POTENTIAL::
 REPORTED INFECTION:
 INFORMATION EXPOSURE:
Low
Medium
High
Critical

  • Threat Type:
    Hacking Tool

  • Destructiveness:
    No

  • Encrypted:
    Yes

  • In the wild::
    Yes

  OVERVIEW

INFECTION CHANNEL: Eliminado por otro tipo de malware, Descargado de Internet

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Puede haberlo infiltrado otro malware.

  TECHNICAL DETAILS

File size: 862,720 bytes
File type: EXE
Memory resident: No
INITIAL SAMPLES RECEIVED DATE: 24 de września de 2020

Detalles de entrada

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Puede haberlo infiltrado el malware siguiente:

Otros detalles

Hace lo siguiente:

  • It has the following modules with different capabilities:
    • standard - contains common commands to operate the tool such as exit, cls, cd
    • privilege - used to manipulate privilege/rights
    • crypto - uses CryptoAPI functions which has the capability to list and export certificates
    • sekurlsa - has the capability to extract Windows passwords, keys, pin codes, tickets
    • kerberos - uses Microsoft Kerberos API which has the capability to manipulate Kerberos tickets
    • lsadump - has the capability to dump Windows credentials
    • vault - used to manipulate vault credentials
    • token - used to manipulate Windows authentication tokens
    • event - used to clear/drop event logs
    • ts - contains remote desktop capabilities
    • process - used to manipulate processes
    • service - used to manipulate services
    • net - used to display information about Windows users
    • misc - contains miscellaneous commands such as open cmd, open regedit and open taskmanager
    • sid - used to manipulate SID(Security Identifiers)
    • minesweeper - helps read the location of the mines on the game 'minesweeper' straight from memory
    • dpapi - used to work with DPAPI (Data Protection Application Programming Interface)
    • busylight - provides additional information for and control of connected BusyLights
    • system environment - provides the ability to manage system environment variables
    • rpc - provides remote control of mimikatz
    • sr98 - RF module for SR98 device and T5577 target
    • rdm - RF module for RDM(830 AL) device
    • acr - ACR module

  SOLUTION

Minimum scan engine: 9.850
SSAPI Pattern-Datei: 1.993.00
SSAPI Pattern veröffentlicht am: 28 de sierpnia de 2018

Step 2

Los usuarios de Windows ME y XP, antes de llevar a cabo cualquier exploración, deben comprobar que tienen desactivada la opción Restaurar sistema para permitir la exploración completa del equipo.

Step 3

Note that not all files, folders, and registry keys and entries are installed on your computer during this malware's/spyware's/grayware's execution. This may be due to incomplete installation or other operating system conditions. If you do not find the same files/folders/registry information, please proceed to the next step.

Step 4

Explorar el equipo con su producto de Trend Micro para eliminar los archivos detectados como HackTool.Win32.MIMIKATZ.SMGD En caso de que el producto de Trend Micro ya haya limpiado, eliminado o puesto en cuarentena los archivos detectados, no serán necesarios más pasos. Puede optar simplemente por eliminar los archivos en cuarentena. Consulte esta página de Base de conocimientos para obtener más información.


Did this description help? Tell us how we did.