Report Overview
Visitedpublic
2025-05-09 06:49:15
Tags
Submit Tags
URL
raw.githubusercontent.com/cyberden1/whitehat0x1/main/mimikatz_trunk.zip
Finishing URL
about:privatebrowsing
IP / ASN
185.199.108.133
Title
about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
36
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
raw.githubusercontent.com 1 alert(s) on this Domain | 35802 | 2014-02-06 | 2014-03-01 | 2025-05-07 | 539 B | 1.2 MB | 185.199.111.133 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
No alerts detected
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
File detected
URL
raw.githubusercontent.com/cyberden1/whitehat0x1/main/mimikatz_trunk.zip
IP / ASN
185.199.111.133
File Overview
File TypeZip archive data, at least v2.0 to extract, compression method=deflate
Size1.2 MB (1206166 bytes)
MD5d2d3e1f8023b12fb89e400c7e8ecd7db
SHA14112ef95386ea4d1131be7c600d49a310e9d8f5b
Archive (12)
| Filename | MD5 | File type |
|---|---|---|
| kiwi_passwords.yar | 21cb5b54ab42c19f66a10e839f789d64 | ASCII text, with CRLF line terminators |
| mimicom.idl | ca47e27329203c266372d04475db2c57 | ASCII text, with CRLF line terminators |
| README.md | 389833fb7cb7ceb525e914f0f36f2d40 | ASCII text |
| mimidrv.sys | 0818699d065afcb1f397d578d3708dc2 | PE32 executable (native) Intel 80386, for MS Windows, 7 sections |
| mimikatz.exe | d3b17ddf0b98fd2441ed46b033043456 | PE32 executable (console) Intel 80386, for MS Windows, 5 sections |
| mimilib.dll | 46e598798bdde4c72e796edcf2317b52 | PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections |
| mimilove.exe | c67f3497c310c01018f599b3eebae99e | PE32 executable (console) Intel 80386, for MS Windows, 5 sections |
| mimispool.dll | dab7a18b02399053ba3ff1e568789fce | PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections |
| mimidrv.sys | 3e528207ca374123f63789195a4aedde | PE32+ executable (native) x86-64, for MS Windows, 8 sections |
| mimikatz.exe | 29efd64dd3c7fe1e2b022b7ad73a1ba5 | PE32+ executable (console) x86-64, for MS Windows, 6 sections |
| mimilib.dll | 67651e9d2da634adedbe216948d5f752 | PE32+ executable (DLL) (console) x86-64, for MS Windows, 6 sections |
| mimispool.dll | c6cc0def7d584f431d69126c1cc33a20 | PE32+ executable (DLL) (console) x86-64, for MS Windows, 6 sections |
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| Public Nextron YARA rules | malware | PowerShell with PE Reflective Injection |
| Public Nextron YARA rules | malware | Detects strings found in Runspace Post Exploitation Toolkit |
| Public Nextron YARA rules | malware | mimikatz |
| Public Nextron YARA rules | malware | Detects Mimikatz strings |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Mimikatz |
| Public Nextron YARA rules | malware | mimikatz |
| Public Nextron YARA rules | malware | Detects Mimikatz strings |
| Public Nextron YARA rules | malware | Detects mimikatz icon in PE file |
| Public Nextron YARA rules | malware | Detects Powerkatz - a Mimikatz version prepared to run in memory via Powershell (overlap with other Mimikatz versions is possible) |
| Public Nextron YARA rules | malware | Detects Mimikatz by using some special strings |
| YARAhub by abuse.ch | malware | meth_stackstrings |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Mimikatz |
| Public Nextron YARA rules | malware | Detects Mimikatz strings |
| Public Nextron YARA rules | malware | mimikatz |
| Public Nextron YARA rules | malware | Detects Mimikatz strings |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Mimikatz |
| Public Nextron YARA rules | malware | mimikatz |
| Public Nextron YARA rules | malware | Detects Mimikatz strings |
| Public Nextron YARA rules | malware | Detects Mimikatz SkeletonKey in Memory |
| Public Nextron YARA rules | malware | Detects mimikatz icon in PE file |
| Public Nextron YARA rules | malware | Detects Powerkatz - a Mimikatz version prepared to run in memory via Powershell (overlap with other Mimikatz versions is possible) |
| Public Nextron YARA rules | malware | Detects Mimikatz by using some special strings |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Mimikatz |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Mimikatz |
| Malpedia's yara-signator rules | malware | Detects win.mimikatz. |
| Public Nextron YARA rules | malware | Detects Mimikatz strings |
| VirusTotal | malicious |
JavaScript (0)
No JavaScripts
HTTP Transactions (1)
| URL | IP | Response | Size |
|---|