Overview

overview

10

Static

static

e95b940c3a...cd.exe

windows7_x64

10

e95b940c3a...cd.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e95b940c3a1e562bc8ade0c58d771fb8c2eb2fdd787bfdd3fc7dadadabeb39cd

  • Size

    37KB

  • Sample

    210515-lqdmttnq52

  • MD5

    ab2b7897a8b5bdbe814045946298cc8d

  • SHA1

    e244e7a806eb361e4636c3df67d569fb10e34ee3

  • SHA256

    e95b940c3a1e562bc8ade0c58d771fb8c2eb2fdd787bfdd3fc7dadadabeb39cd

  • SHA512

    b807a66d5de48aae6d185ab19565fc1818dce077f7c504513a8809cf72cbab3fc770f454d8946dd768a75bc4f24dbac9aa61bddf4d5dbbf62f98d97f9905939b

Score
10/10
ginkxmrigminerpersistenceworm

Malware Config

Targets

    • Target

      e95b940c3a1e562bc8ade0c58d771fb8c2eb2fdd787bfdd3fc7dadadabeb39cd

    • Size

      37KB

    • MD5

      ab2b7897a8b5bdbe814045946298cc8d

    • SHA1

      e244e7a806eb361e4636c3df67d569fb10e34ee3

    • SHA256

      e95b940c3a1e562bc8ade0c58d771fb8c2eb2fdd787bfdd3fc7dadadabeb39cd

    • SHA512

      b807a66d5de48aae6d185ab19565fc1818dce077f7c504513a8809cf72cbab3fc770f454d8946dd768a75bc4f24dbac9aa61bddf4d5dbbf62f98d97f9905939b

    Score
    10/10
    ginkxmrigminerpersistenceworm

    • Gink

      wormgink

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks