gink | 05c7782257c311733476f73209fef49abb92737255ba732b983ed7284f0e8937 | Triage

Sharing

General

Target

807735852227044c731581f19ef09638_JC.exe
Size

37KB
Sample

231011-qp5bzabg43
MD5

807735852227044c731581f19ef09638
SHA1

46916dfb877b70a6cdaa86fac3da4ec05fc3238c
SHA256

05c7782257c311733476f73209fef49abb92737255ba732b983ed7284f0e8937
SHA512

f4f0000fbc1b3672ea77755014b38a2b5e6f4ae2acce164ae34f4cb6da58b0ec9013aa274699037452dfed2d65ab03773ff172a4f4ec1f95ee0db8a88e6ca4b3
SSDEEP

384:UcRhHURvhTFkGnvrYkBT8MzlDEngqwqJCLLw9trBKiCCJnI8:dRh0RlmGDYcTNVE1wqlrUxCdI8

Score

10^/10

gink persistence worm

Malware Config

Targets

- Target
  
  807735852227044c731581f19ef09638_JC.exe
- Size
  
  37KB
- MD5
  
  807735852227044c731581f19ef09638
- SHA1
  
  46916dfb877b70a6cdaa86fac3da4ec05fc3238c
- SHA256
  
  05c7782257c311733476f73209fef49abb92737255ba732b983ed7284f0e8937
- SHA512
  
  f4f0000fbc1b3672ea77755014b38a2b5e6f4ae2acce164ae34f4cb6da58b0ec9013aa274699037452dfed2d65ab03773ff172a4f4ec1f95ee0db8a88e6ca4b3
- SSDEEP
  
  384:UcRhHURvhTFkGnvrYkBT8MzlDEngqwqJCLLw9trBKiCCJnI8:dRh0RlmGDYcTNVE1wqlrUxCdI8
Score

10^/10

gink persistence worm
- Gink
  worm gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginkpersistenceworm

behavioral2

ginkpersistenceworm