Report - 120.25.163.165:8080/mimikatz_trunk/Win32/mimikatz.exe

Report Overview

Visitedpublic

2025-10-25 23:15:41

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
120.25.163.165	unknown	unknown	No data	No data	437 B	1.1 MB	120.25.163.165

Timestamp	Severity	Source IP	Destination IP	Alert
2025-10-25 23:15:17	high	172.18.0.16	120.25.163.165	ETPRO MALWARE Observed GET Request for mimikatz.exe
2025-10-25 23:15:17	high	172.18.0.16	120.25.163.165	URLhaus Known malware download URL detected (3192568)
2025-10-25 23:15:17	medium	172.18.0.16	120.25.163.165	ET INFO Executable Download from dotted-quad Host
2025-10-25 23:15:17	high	120.25.163.165	172.18.0.16	ET POLICY PE EXE or DLL Windows file download HTTP
2025-10-25 23:15:17	medium	120.25.163.165	172.18.0.16	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
2025-10-25 23:15:21	high	120.25.163.165	172.18.0.16	ET MALWARE Mimikatz x86 Executable Download Over HTTP

Threat Detection Systems

Detection System	Indicator	Verdict	Alert
Nextron YARA rules	120.25.163.165:8080/mimikatz_trunk/Win32/mimikatz.exe	malware	mimikatz
Nextron YARA rules	120.25.163.165:8080/mimikatz_trunk/Win32/mimikatz.exe	malware	Detects Mimikatz strings
Nextron YARA rules	120.25.163.165:8080/mimikatz_trunk/Win32/mimikatz.exe	malware	Detects mimikatz icon in PE file
Nextron YARA rules	120.25.163.165:8080/mimikatz_trunk/Win32/mimikatz.exe	malware	Detects Powerkatz - a Mimikatz version prepared to run in memory via Powershell (overlap with other Mimikatz versions is possible)
Nextron YARA rules	120.25.163.165:8080/mimikatz_trunk/Win32/mimikatz.exe	malware	Detects Mimikatz by using some special strings
YARAhub by abuse.ch	120.25.163.165:8080/mimikatz_trunk/Win32/mimikatz.exe	malware	meth_stackstrings
Elastic Security YARA rules	120.25.163.165:8080/mimikatz_trunk/Win32/mimikatz.exe	malware	Windows.Hacktool.Mimikatz
ClamAV	120.25.163.165:8080/mimikatz_trunk/Win32/mimikatz.exe	malicious	Win.Dropper.Mimikatz-9778171-1

URL

120.25.163.165:8080/mimikatz_trunk/Win32/mimikatz.exe

IP / ASN

120.25.163.165

#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File Overview

File TypePE32 executable (console) Intel 80386, for MS Windows, 5 sections

Size1.1 MB (1084416 bytes)

MD5ab9b9561a7c762f4d4f6b4f0f1d0e76d

SHA165587aebc325f61602a3a74ef84b6e7d8657e9c3

SHA256bdba08454ca87888e69b7c9bfa7d3d44c697026198a1026097015d6e6e2a4daa

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	mimikatz
Public Nextron YARA rules	malware	Detects Mimikatz strings
Public Nextron YARA rules	malware	Detects mimikatz icon in PE file
Public Nextron YARA rules	malware	Detects Powerkatz - a Mimikatz version prepared to run in memory via Powershell (overlap with other Mimikatz versions is possible)
Public Nextron YARA rules	malware	Detects Mimikatz by using some special strings
YARAhub by abuse.ch	malware	meth_stackstrings
Elastic Security YARA Rules	malware	Windows.Hacktool.Mimikatz
ClamAV	malicious	Win.Dropper.Mimikatz-9778171-1

	URL	IP	Response	Size