gink | 97d9ea2ae1341183f353bd6c1c92573cca331586a1b2ea32244484b891e0f7ad | Triage

Sharing

General

Target

97d9ea2ae1341183f353bd6c1c92573cca331586a1b2ea32244484b891e0f7ad
Size

37KB
Sample

210515-j2fe1b8pb6
MD5

0118eca1bcce8ff65be0d9b268bd61b1
SHA1

263593ca8fe50a540167abc243fff5303ae9bc29
SHA256

97d9ea2ae1341183f353bd6c1c92573cca331586a1b2ea32244484b891e0f7ad
SHA512

d02fdbfea77fb300e5f1f104e37277ae673e015e9242f69a1fab17fa0a582a9d59952a93d4f23f20b2fc69f96246bcdef2965921b9f2a757d225a2baf326fb0e

Score

10^/10

gink xmrig miner persistence worm

Malware Config

Targets

- Target
  
  97d9ea2ae1341183f353bd6c1c92573cca331586a1b2ea32244484b891e0f7ad
- Size
  
  37KB
- MD5
  
  0118eca1bcce8ff65be0d9b268bd61b1
- SHA1
  
  263593ca8fe50a540167abc243fff5303ae9bc29
- SHA256
  
  97d9ea2ae1341183f353bd6c1c92573cca331586a1b2ea32244484b891e0f7ad
- SHA512
  
  d02fdbfea77fb300e5f1f104e37277ae673e015e9242f69a1fab17fa0a582a9d59952a93d4f23f20b2fc69f96246bcdef2965921b9f2a757d225a2baf326fb0e
Score

10^/10

gink xmrig miner persistence worm
- Gink
  worm gink
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginkxmrigminerpersistenceworm

behavioral2

ginkxmrigminerpersistenceworm