gink | 17ddfa0820c6b88e8572b25a2eeb4da854ed789a23ff36ea10af2f3d992ab1ab | Triage

Sharing

General

Target

17ddfa0820c6b88e8572b25a2eeb4da854ed789a23ff36ea10af2f3d992ab1ab
Size

37KB
Sample

240407-xmrresca23
MD5

30c1365a3a6f13ca3f1d8a26f532b687
SHA1

0bf30152b0dc542396fb90a07917d12df779da87
SHA256

17ddfa0820c6b88e8572b25a2eeb4da854ed789a23ff36ea10af2f3d992ab1ab
SHA512

673fadd9f537e5ec523064c98e0a14543fb3a6b3959f63c8acad82100b4b2f87c422c6c7c37422ff5f1513c0e609910c4cef6dd344b57de68c43571abcbda0e3
SSDEEP

384:kbHQR8pa/xi51iuMYZg99VhYTue4F3DofCfnI8sLL5j:kbdd5UuMYZGVhYyxZD9/I8CL5

Score

10^/10

gink persistence worm

Malware Config

Targets

- Target
  
  17ddfa0820c6b88e8572b25a2eeb4da854ed789a23ff36ea10af2f3d992ab1ab
- Size
  
  37KB
- MD5
  
  30c1365a3a6f13ca3f1d8a26f532b687
- SHA1
  
  0bf30152b0dc542396fb90a07917d12df779da87
- SHA256
  
  17ddfa0820c6b88e8572b25a2eeb4da854ed789a23ff36ea10af2f3d992ab1ab
- SHA512
  
  673fadd9f537e5ec523064c98e0a14543fb3a6b3959f63c8acad82100b4b2f87c422c6c7c37422ff5f1513c0e609910c4cef6dd344b57de68c43571abcbda0e3
- SSDEEP
  
  384:kbHQR8pa/xi51iuMYZg99VhYTue4F3DofCfnI8sLL5j:kbdd5UuMYZGVhYyxZD9/I8CL5
Score

10^/10

gink persistence worm
- Gink
  worm gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginkpersistenceworm

behavioral2

ginkpersistenceworm