gink | 80d4bd2e8db3275aecb613da812c4bf2ed4f8ff009fad7e95757bb5a26fda4a0 | Triage

Sharing

General

Target

3229b2b3593fdbeb75c0eebf5937d940_exe32_JC.exe
Size

37KB
Sample

231015-x42yqaah2v
MD5

3229b2b3593fdbeb75c0eebf5937d940
SHA1

de2eee0a810f03336a9218927c0c78fa34e8bcb4
SHA256

80d4bd2e8db3275aecb613da812c4bf2ed4f8ff009fad7e95757bb5a26fda4a0
SHA512

5bb6e16a441ec5b0e11b9f1c16a8afd32478871256de519bd0da16128e5d5ed42fa4ed1c9cf6ee6921f678e2dc2f980dafec0414f0a22ba8704c2729943cd047
SSDEEP

384:AzAmo90CGDEvF+IPE7egefiQ/LOKLmnBD0Ip6S/UiuIWnI8HoeOmE:AzYGwL3gefPLOKLmn2ov5JkI8HPE

Score

10^/10

gink persistence worm

Malware Config

Targets

- Target
  
  3229b2b3593fdbeb75c0eebf5937d940_exe32_JC.exe
- Size
  
  37KB
- MD5
  
  3229b2b3593fdbeb75c0eebf5937d940
- SHA1
  
  de2eee0a810f03336a9218927c0c78fa34e8bcb4
- SHA256
  
  80d4bd2e8db3275aecb613da812c4bf2ed4f8ff009fad7e95757bb5a26fda4a0
- SHA512
  
  5bb6e16a441ec5b0e11b9f1c16a8afd32478871256de519bd0da16128e5d5ed42fa4ed1c9cf6ee6921f678e2dc2f980dafec0414f0a22ba8704c2729943cd047
- SSDEEP
  
  384:AzAmo90CGDEvF+IPE7egefiQ/LOKLmnBD0Ip6S/UiuIWnI8HoeOmE:AzYGwL3gefPLOKLmn2ov5JkI8HPE
Score

10^/10

gink persistence worm
- Gink
  worm gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginkpersistenceworm

behavioral2

ginkpersistenceworm