Skip to main content
Published Jun 21, 2016 | Updated Nov 22, 2023

HackTool:Win32/Mimikatz

Detected by Microsoft Defender Antivirus

Aliases: Mimikatz-DumpCreds (McAfee) Mimikatz Exploit Utility (PUA) (Sophos) Hacktool.Mimikatz (Symantec) Trojan.Generic.15297570 (F-secure) Riskware/Mimikatz (Fortinet) Exploit.Win32.Palsas (Ikarus) HackTool.Win32.Mimikatz.gen (Kaspersky) HKTL_MIMIKATZ (Trend Micro)

Summary

Mimikatz is a well-known hacktool used to extract Windows passwords in plain-text from memory, perform pass-the-hash attacks, inject code into remote processes, generate golden tickets, and more. This tool is used by red teams and real threat actors alike due to its powerful toolset and open-source nature allowing for easy modification. This tool is still regularly maintained and kept up to date with latest changes in Windows. Mimikatz is often delivered and executed without writing to disk (fileless) in an attempt to avoid detection. 

Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

Update passwords and remove any accounts that might be compromised.

Follow us