gink | 475b9a23684d3089996776ea161d8e1be7cc9f463b171c3d6c557f1ff07c22a5 | Triage

Sharing

General

Target

1be72be2f9f401d7ee9ca7453593d731_JC.exe
Size

37KB
Sample

231001-nnvp2abg37
MD5

1be72be2f9f401d7ee9ca7453593d731
SHA1

67684be4e640aab4c9ee4efa6205009a8d79b404
SHA256

475b9a23684d3089996776ea161d8e1be7cc9f463b171c3d6c557f1ff07c22a5
SHA512

b1bee8e88b36b74670014f786a5afbd7a2a511a3dfc43a1af6e35b96da425c4b536b60299e1c559f13a91db650095e071f14430b8b00261070af45a28f29a7d3
SSDEEP

384:WMVoAMzndTnUUL6QDqWDrdD4w1zPdr+w+5Yj6MBaSnI8W:WO4eADrdVVaw+5bMo4I8W

Score

10^/10

gink persistence worm

Malware Config

Targets

- Target
  
  1be72be2f9f401d7ee9ca7453593d731_JC.exe
- Size
  
  37KB
- MD5
  
  1be72be2f9f401d7ee9ca7453593d731
- SHA1
  
  67684be4e640aab4c9ee4efa6205009a8d79b404
- SHA256
  
  475b9a23684d3089996776ea161d8e1be7cc9f463b171c3d6c557f1ff07c22a5
- SHA512
  
  b1bee8e88b36b74670014f786a5afbd7a2a511a3dfc43a1af6e35b96da425c4b536b60299e1c559f13a91db650095e071f14430b8b00261070af45a28f29a7d3
- SSDEEP
  
  384:WMVoAMzndTnUUL6QDqWDrdD4w1zPdr+w+5Yj6MBaSnI8W:WO4eADrdVVaw+5bMo4I8W
Score

10^/10

gink persistence worm
- Gink
  worm gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginkpersistenceworm

behavioral2

ginkpersistenceworm