Overview

overview

10

Static

static

046a0b60d8...a3.exe

windows7_x64

10

046a0b60d8...a3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    046a0b60d87325d9e360c105614ea2a9fd1eb3f4a8deb069e6d9426395dd0fa3

  • Size

    37KB

  • Sample

    210513-rlfqnms8ta

  • MD5

    ee8af8f4f626b8c68bcd63daa2898519

  • SHA1

    bdf5f6dd6cd9095df7357e2531cbcaa6c29f7287

  • SHA256

    046a0b60d87325d9e360c105614ea2a9fd1eb3f4a8deb069e6d9426395dd0fa3

  • SHA512

    fb8d87b826f3b8a9c36f575e009c7fd85f82a6f42fd31a65d579abf379838a25678368da2b7c9ff0a3ea1e9ca8ea98fa230be0d4cd22263aa4f58a26650ca363

Score
10/10
ginkxmrigminerpersistenceworm

Malware Config

Targets

    • Target

      046a0b60d87325d9e360c105614ea2a9fd1eb3f4a8deb069e6d9426395dd0fa3

    • Size

      37KB

    • MD5

      ee8af8f4f626b8c68bcd63daa2898519

    • SHA1

      bdf5f6dd6cd9095df7357e2531cbcaa6c29f7287

    • SHA256

      046a0b60d87325d9e360c105614ea2a9fd1eb3f4a8deb069e6d9426395dd0fa3

    • SHA512

      fb8d87b826f3b8a9c36f575e009c7fd85f82a6f42fd31a65d579abf379838a25678368da2b7c9ff0a3ea1e9ca8ea98fa230be0d4cd22263aa4f58a26650ca363

    Score
    10/10
    ginkxmrigminerpersistenceworm

    • Gink

      wormgink

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks