THOR Lite throws Mimikatz warning for Brave.exe

So I’ve dun goofed, as in I managed to click on a shortened link on Messenger (something like this: It took me straight to YouTube (actual YouTube, not a spoof) and I didn’t receive any warnings, extension requests nor login requests. Basically nothing, like it was a clean link. I also use uBlock Origin and Malwarebytes Browser Guard which didn’t warn of anything.

I don’t have the exact link anymore, happened yesterday, but it was on v0k[.]us + some letters, I did copy / paste it on VirusTotal and it came-up clean:

Scanned with some other URL services, also came-up clean except some warning from Quterra (suspicious JavaScript on a YouTube related file). Scanned the PC with Malwarebytes, BitDefender Free, HitmanPro and RogueKiller and all came-up clean.

Today I did another PC scan with THOR Lite and it threw a warning for Brave (in attached picture) - am not sure if Browser is compromised or it’s just a suspicious thing to that engine because of Brave’s features, hence why I’m asking if this looks normal to you.

Brave Version: 1.32.113 Chromium: 96.0.4664.45 (Official Build) (64-bit)

Yesterday immediately logged-out of all Facebook and Google sessions, cleaned cache and cookies, changed passwords and checked app access and login info, nothing suspicious there either.

What are the odds of not having the PC / Browser compromised ?

Found a THOR Lite log from last month and I got the same warning then.

MATCHED_STRINGS: Str1: "Invoke-Mimikatz" in "\x00\xa9%\x00\x08&\xce\x89\x11N\x00\x00\x00firebas"
at 0x57ec0a992028 FILE_1: C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe EXISTS_1: yes TYPE_1: EXE SIZE_1: 2354120

So this is not related to the link I clicked yesterday apparently, but still would like to know why there would be a Mimikatz warning for Brave.exe

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.