gink | 8375280d02e758b6357e655323da1f9ef1846f9f8d5abfb9d69ccc07d05419a9 | Triage

Sharing

General

Target

8375280d02e758b6357e655323da1f9ef1846f9f8d5abfb9d69ccc07d05419a9
Size

37KB
Sample

240316-1k53taeg44
MD5

8ca049047aacc128a1898ec99c4ba6dc
SHA1

87443b1d553de1bba31c54a9f848655f4e7bf10c
SHA256

8375280d02e758b6357e655323da1f9ef1846f9f8d5abfb9d69ccc07d05419a9
SHA512

22a069a22f54a42c60645ccd07df730821524640b1b28680073db06316d72c068e44c43dd8c6dc6fd89188f8c75b5dc59f1867983bbd48ecc82d4066fdf2f311
SSDEEP

768:J6ITGt8oMewlzchSe2fQLpLKAYNkI8ti:8t8LlMcQp9YEQ

Score

10^/10

gink persistence worm

Malware Config

Targets

- Target
  
  8375280d02e758b6357e655323da1f9ef1846f9f8d5abfb9d69ccc07d05419a9
- Size
  
  37KB
- MD5
  
  8ca049047aacc128a1898ec99c4ba6dc
- SHA1
  
  87443b1d553de1bba31c54a9f848655f4e7bf10c
- SHA256
  
  8375280d02e758b6357e655323da1f9ef1846f9f8d5abfb9d69ccc07d05419a9
- SHA512
  
  22a069a22f54a42c60645ccd07df730821524640b1b28680073db06316d72c068e44c43dd8c6dc6fd89188f8c75b5dc59f1867983bbd48ecc82d4066fdf2f311
- SSDEEP
  
  768:J6ITGt8oMewlzchSe2fQLpLKAYNkI8ti:8t8LlMcQp9YEQ
Score

10^/10

gink persistence worm
- Gink
  worm gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginkpersistenceworm

behavioral2

ginkpersistenceworm