gink | d97387a51cb3c4de16957e5251a832d228ba95d48c089eeff0dd0f8fba17d9ec | Triage

Sharing

General

Target

d97387a51cb3c4de16957e5251a832d228ba95d48c089eeff0dd0f8fba17d9ec
Size

34KB
Sample

240525-e1dgvaec6x
MD5

2af0f1a8f385c258c362f78865345717
SHA1

3a157b7855681575ce15dc4c8bd022749a19a86d
SHA256

d97387a51cb3c4de16957e5251a832d228ba95d48c089eeff0dd0f8fba17d9ec
SHA512

c50aee0dd400a54f6501e7f1adc652cf6169e9a9210886f4b918b0ed695a21ceb33172987d0caca6e060e4a59ed8e3cb85daf2bb6553abd7c5836203971375fb
SSDEEP

384:76Lz0OyPaGPbG8FecNrgzbUFPlfRNefMfNq8UOQKWRzpeancfKykJIyfgS9/V+ik:76Lo1RPbPFHRgzwFPlf/efMTWI8W

Score

10^/10

gink persistence worm

Malware Config

Targets

- Target
  
  d97387a51cb3c4de16957e5251a832d228ba95d48c089eeff0dd0f8fba17d9ec
- Size
  
  34KB
- MD5
  
  2af0f1a8f385c258c362f78865345717
- SHA1
  
  3a157b7855681575ce15dc4c8bd022749a19a86d
- SHA256
  
  d97387a51cb3c4de16957e5251a832d228ba95d48c089eeff0dd0f8fba17d9ec
- SHA512
  
  c50aee0dd400a54f6501e7f1adc652cf6169e9a9210886f4b918b0ed695a21ceb33172987d0caca6e060e4a59ed8e3cb85daf2bb6553abd7c5836203971375fb
- SSDEEP
  
  384:76Lz0OyPaGPbG8FecNrgzbUFPlfRNefMfNq8UOQKWRzpeancfKykJIyfgS9/V+ik:76Lo1RPbPFHRgzwFPlf/efMTWI8W
Score

10^/10

gink persistence worm
- Gink
  worm gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginkpersistenceworm

behavioral2

ginkpersistenceworm