gink | a6a336d3db96a9096d5f05c0ab52f87777966c60c366ace9a4fa2457e3556123 | Triage

Sharing

General

Target

3d
Size

37KB
Sample

231119-nrlxashf74
MD5

000b697ba3c11ee58bd8ff5496fca014
SHA1

baf81b2f3c1aad6b97e556faa9f6055bbe653911
SHA256

a6a336d3db96a9096d5f05c0ab52f87777966c60c366ace9a4fa2457e3556123
SHA512

712e014b4a2584b3600cd095d4fc575e2ea42f3e16002770ddd4fec17e52d856311c991f510345be8ceeb35feaf781a715ee5e360f6cf6c47af36fa8732c1bcb
SSDEEP

384:pvNaPqvtAs3su/I8xWI/cbZ/GdS3qBOi4Zj7aDn6k+TvnI89g0E:gipsu/H/ux+c7aDwI8K0E

Score

10^/10

gink persistence worm

Malware Config

Targets

- Target
  
  3d
- Size
  
  37KB
- MD5
  
  000b697ba3c11ee58bd8ff5496fca014
- SHA1
  
  baf81b2f3c1aad6b97e556faa9f6055bbe653911
- SHA256
  
  a6a336d3db96a9096d5f05c0ab52f87777966c60c366ace9a4fa2457e3556123
- SHA512
  
  712e014b4a2584b3600cd095d4fc575e2ea42f3e16002770ddd4fec17e52d856311c991f510345be8ceeb35feaf781a715ee5e360f6cf6c47af36fa8732c1bcb
- SSDEEP
  
  384:pvNaPqvtAs3su/I8xWI/cbZ/GdS3qBOi4Zj7aDn6k+TvnI89g0E:gipsu/H/ux+c7aDwI8K0E
Score

10^/10

gink persistence worm
- Gink
  worm gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginkpersistenceworm

behavioral2

ginkpersistenceworm