HKTL_MIKATZ

 Analysis by: Jed Valderama

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

  • Threat Type: Hacking Tool

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This hacking tool arrives as a file that exports the functions of other malware/grayware. It arrives as a component bundled with malware/grayware packages. It may be manually installed by a user.

It may be injected into processes running in memory.

  TECHNICAL DETAILS

File Size:

229,360 bytes

File Type:

DLL

Initial Samples Received Date:

07 Mar 2012

Arrival Details

This hacking tool arrives as a file that exports the functions of other malware/grayware.

It arrives as a component bundled with malware/grayware packages.

It may be manually installed by a user.

Installation

This hacking tool may be injected into processes running in memory.

NOTES:

This hacking tool may arrive in 32-bit and 64-bit versions.

Once injected into the lsass.exe process, it can be used to perform any of the following routines:

  • Dump LanMan and NTLM hashes
  • Dump account login details of different users on the machine
  • Dump password hashes
  • Impersonate or end a login session