Two days ago we detected the Mimikatz virus on our domain controller with SEP, but it has spread to our network, since we are detecting a lot of aggressive login failures. In the first part of this series, we started our dive into Mimikatz. In this example, an attacker is using the hash of a compromised user with the necessary replication permissions to perform a Pass-the-Hash attack to launch a command prompt as the compromised user. However, AV will usually flag the known bad files. There are tons of signatures for how it operates, meaning that there are tons of security solutions that can detect its usage in various ways. Mimikatz inside your PC may block you from installing the program; therefore, it is best to install the program in “Safe Mode”. For obtaining user credentials, the attackers used HackTool. Hacktool mimikatz detected. For successful execution of the malware, Perl scripting libraries are required.