Report - github.com/ParrotSec/mimikatz/raw/master/x64/mimikatz.exe

Report Overview

Visited public
2024-09-10 03:46:46
Tags
URL
github.com/ParrotSec/mimikatz/raw/master/x64/mimikatz.exe
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.4
#36459 GITHUB
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-09 18:12:09	1.3 kB	3.6 kB	23.36.76.225
github.com	1423	2007-10-09	2016-07-13 12:28:22	2024-09-09 14:37:47	511 B	3.8 kB	140.82.121.4
raw.githubusercontent.com	35802	2014-02-06	2014-03-01 08:08:08	2024-09-09 18:43:40	522 B	1.3 MB	185.199.110.133
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-09 18:12:09	654 B	1.8 kB	23.36.76.225

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-09-10	medium	raw.githubusercontent.com/ParrotSec/mimikatz/master/x64/mimikatz.exe	mimikatz
2024-09-10	medium	raw.githubusercontent.com/ParrotSec/mimikatz/master/x64/mimikatz.exe	Detects Mimikatz strings
2024-09-10	medium	raw.githubusercontent.com/ParrotSec/mimikatz/master/x64/mimikatz.exe	Detects Mimikatz SkeletonKey in Memory
2024-09-10	medium	raw.githubusercontent.com/ParrotSec/mimikatz/master/x64/mimikatz.exe	Detects mimikatz icon in PE file
2024-09-10	medium	raw.githubusercontent.com/ParrotSec/mimikatz/master/x64/mimikatz.exe	Detects Powerkatz - a Mimikatz version prepared to run in memory via Powershell (overlap with other Mimikatz versions is possible)
2024-09-10	medium	raw.githubusercontent.com/ParrotSec/mimikatz/master/x64/mimikatz.exe	Detects Mimikatz by using some special strings
2024-09-10	medium	raw.githubusercontent.com/ParrotSec/mimikatz/master/x64/mimikatz.exe	Windows.Hacktool.Mimikatz
2024-09-10	medium	raw.githubusercontent.com/ParrotSec/mimikatz/master/x64/mimikatz.exe	Windows.Hacktool.Mimikatz
2024-09-10	medium	raw.githubusercontent.com/ParrotSec/mimikatz/master/x64/mimikatz.exe	Detects win.mimikatz.

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
raw.githubusercontent.com/ParrotSec/mimikatz/master/x64/mimikatz.exe
IP
185.199.110.133
ASN
#54113 FASTLY

File type
PE32+ executable (console) x86-64, for MS Windows, 6 sections
Size
1.3 MB (1250056 bytes)
Hash
e930b05efe23891d19bc354a4209be3e
d1f7832035c3e8a73cc78afd28cfd7f4cece6d20
92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	mimikatz
Public Nextron YARA rules	malware	Detects Mimikatz strings
Public Nextron YARA rules	malware	Detects Mimikatz SkeletonKey in Memory
Public Nextron YARA rules	malware	Detects mimikatz icon in PE file
Public Nextron YARA rules	malware	Detects Powerkatz - a Mimikatz version prepared to run in memory via Powershell (overlap with other Mimikatz versions is possible)
Public Nextron YARA rules	malware	Detects Mimikatz by using some special strings
Elastic Security YARA Rules	malware	Windows.Hacktool.Mimikatz
Elastic Security YARA Rules	malware	Windows.Hacktool.Mimikatz
Malpedia's yara-signator rules	malware	Detects win.mimikatz.
VirusTotal	malicious	VirusTotal - Scan result 64/73

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.76.225

504 B

URL
r10.o.lencr.org/
IP
23.36.76.225:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
80f3aada09a34a0d6e43e77f160ac485
8feee259be181420c2c17ccb3d81ce9bc980b577
cccc9314ca2d07fb6a2a5d91a8d7b37f16fd78a5d14b0e6a27de0df82e47f1f3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CCCC9314CA2D07FB6A2A5D91A8D7B37F16FD78A5D14B0E6A27DE0DF82E47F1F3"
Last-Modified: Sat, 07 Sep 2024 12:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5186
Expires: Tue, 10 Sep 2024 05:12:46 GMT
Date: Tue, 10 Sep 2024 03:46:20 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.225

504 B

URL
r10.o.lencr.org/
IP
23.36.76.225:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
85b35ef8e54cfd751670f6a6d56541bd
162e94ccf2a785ea99c41f45c3a76815a2f8ae5f
3f59c24a6538550f52a4c9b39d9f57b023c9d44d50a846e742b763f74dfc179d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3F59C24A6538550F52A4C9B39D9F57B023C9D44D50A846E742B763F74DFC179D"
Last-Modified: Sun, 08 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14729
Expires: Tue, 10 Sep 2024 07:51:49 GMT
Date: Tue, 10 Sep 2024 03:46:20 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.225

504 B

URL
r10.o.lencr.org/
IP
23.36.76.225:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
010d9d76f2cffcde2776f30737ea6daa
8f2fbd4790c6a38d70f1e6d4be7b34a6cf562d70
5b0f8b959509a0ebd05f4fd4dca127683100ab3c79a154da1b78247ebf21ffda

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5B0F8B959509A0EBD05F4FD4DCA127683100AB3C79A154DA1B78247EBF21FFDA"
Last-Modified: Sat, 07 Sep 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5218
Expires: Tue, 10 Sep 2024 05:13:18 GMT
Date: Tue, 10 Sep 2024 03:46:20 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.225

504 B

URL
r10.o.lencr.org/
IP
23.36.76.225:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b73e5b140c4c19e7e5450cce90348dec
c2186b718c50a53bf30e1093713305403a8bd673
eddd5af125077f387f37956c09c275a35be27c88fbcb02b1d789f352c0dfa5ba

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EDDD5AF125077F387F37956C09C275A35BE27C88FBCB02B1D789F352C0DFA5BA"
Last-Modified: Sat, 07 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10418
Expires: Tue, 10 Sep 2024 06:39:58 GMT
Date: Tue, 10 Sep 2024 03:46:20 GMT
Connection: keep-alive

github.com/ParrotSec/mimikatz/raw/master/x64/mimikatz.exe

140.82.121.4

302 Found

0 B

URL User Request GET HTTP/2
github.com/ParrotSec/mimikatz/raw/master/x64/mimikatz.exe
IP
140.82.121.4:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ParrotSec/mimikatz/raw/master/x64/mimikatz.exe HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Tue, 10 Sep 2024 03:46:21 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin: 
location: https://raw.githubusercontent.com/ParrotSec/mimikatz/master/x64/mimikatz.exe
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 8673:35C904:1A5A834:1B04DE7:66DFC10C
X-Firefox-Spdy: h2

raw.githubusercontent.com/ParrotSec/mimikatz/master/x64/mimikatz.exe

185.199.110.133

200 OK

1.3 MB

URL User Request GET HTTP/2
raw.githubusercontent.com/ParrotSec/mimikatz/master/x64/mimikatz.exe
IP
185.199.110.133:443
ASN
#54113 FASTLY

Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
PE32+ executable (console) x86-64, for MS Windows, 6 sections
Size
1.3 MB (1250056 bytes)
Hash
e930b05efe23891d19bc354a4209be3e
d1f7832035c3e8a73cc78afd28cfd7f4cece6d20
92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	mimikatz
Public Nextron YARA rules	malware	Detects Mimikatz strings
Public Nextron YARA rules	malware	Detects Mimikatz SkeletonKey in Memory
Public Nextron YARA rules	malware	Detects mimikatz icon in PE file
Public Nextron YARA rules	malware	Detects Powerkatz - a Mimikatz version prepared to run in memory via Powershell (overlap with other Mimikatz versions is possible)
Public Nextron YARA rules	malware	Detects Mimikatz by using some special strings
Elastic Security YARA Rules	malware	Windows.Hacktool.Mimikatz
Elastic Security YARA Rules	malware	Windows.Hacktool.Mimikatz
Malpedia's yara-signator rules	malware	Detects win.mimikatz.
VirusTotal	malicious	VirusTotal - Scan result 64/73

HTTP Headers

GET /ParrotSec/mimikatz/master/x64/mimikatz.exe HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/octet-stream
etag: W/"44150c3a20339a2261a3fa789e33be1bd914c8d549eaade9075562e04fc955ab"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 3456:36258D:1664177:17835D0:66DFC10D
accept-ranges: bytes
date: Tue, 10 Sep 2024 03:46:21 GMT
via: 1.1 varnish
x-served-by: cache-hel1410022-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1725939981.195860,VS0,VE369
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 10bcea9992e4dd0823c038c3557266e837bc3700
expires: Tue, 10 Sep 2024 03:51:21 GMT
source-age: 0
content-length: 1250056
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.36.76.225

504 B

URL
r11.o.lencr.org/
IP
23.36.76.225:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
049168dffe0b5a00f2445081ecd6bf9b
0f2ac0ec9d33feb0278169b202090547c911c376
d969853c89700ffb69a519bcb55655c1a8840918b5a9ab836d49730e63213b10

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D969853C89700FFB69A519BCB55655C1A8840918B5A9AB836D49730E63213B10"
Last-Modified: Sat, 07 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6093
Expires: Tue, 10 Sep 2024 05:27:55 GMT
Date: Tue, 10 Sep 2024 03:46:22 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.225

504 B

URL
r11.o.lencr.org/
IP
23.36.76.225:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
049168dffe0b5a00f2445081ecd6bf9b
0f2ac0ec9d33feb0278169b202090547c911c376
d969853c89700ffb69a519bcb55655c1a8840918b5a9ab836d49730e63213b10

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D969853C89700FFB69A519BCB55655C1A8840918B5A9AB836D49730E63213B10"
Last-Modified: Sat, 07 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6093
Expires: Tue, 10 Sep 2024 05:27:55 GMT
Date: Tue, 10 Sep 2024 03:46:22 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash