HackTool:Win32/Mimikatz
Aliases: Mimikatz-DumpCreds (McAfee); Mimikatz Exploit Utility (PUA) (Sophos); Hacktool.Mimikatz (Symantec); Trojan.Generic.15297570 (F-Secure); Riskware/Mimikatz (Fortinet); Exploit.Win32.Palsas (Ikarus); HackTool.Win32.Mimikatz.gen (Kaspersky); HKTL_MIMIKATZ (Trend Micro)
Summary
Mimikatz is a well-known hacktool used to extract Windows passwords in plaintext from memory, perform pass-the-hash attacks, inject code into remote processes, generate golden tickets, and more. Red teams and real threat actors alike use it because of its powerful toolset and because its open-source nature allows for easy modification. The tool is still regularly maintained and kept up to date with the latest changes in Windows. Mimikatz is often delivered and executed without writing to disk (fileless) in an attempt to avoid detection.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
Update passwords and remove any accounts that might be compromised.