gink | 05b76ffd6c9acb7f673f373b4ae521249292969e776cae44170238dc6c331972 | Triage

Sharing

General

Target

1ff5405938d7dc78da37c6a0c7150830_NeikiAnalytics.exe
Size

34KB
Sample

240525-zsgjraaf87
MD5

1ff5405938d7dc78da37c6a0c7150830
SHA1

f0daee04571b12274a7d99d92d073ebf25df57ea
SHA256

05b76ffd6c9acb7f673f373b4ae521249292969e776cae44170238dc6c331972
SHA512

45ef7795c6abaf82ef40273b45ccad6bdbb9773ef12ad5c0d003cffad79b920b3f36b2108b0848e23d9443cf20d8567e0a7cdf0906dec09290b7d773b699125a
SSDEEP

384:H6Lz0OyPaGPbG8FecNrgzbUFPlfRNefMfNq8U8QKWRzpeancfKykJIyfgS9/V+iy:H6Lo1RPbPFHRgzwFPlf/efMTydI8W

Score

10^/10

gink persistence worm

Malware Config

Targets

- Target
  
  1ff5405938d7dc78da37c6a0c7150830_NeikiAnalytics.exe
- Size
  
  34KB
- MD5
  
  1ff5405938d7dc78da37c6a0c7150830
- SHA1
  
  f0daee04571b12274a7d99d92d073ebf25df57ea
- SHA256
  
  05b76ffd6c9acb7f673f373b4ae521249292969e776cae44170238dc6c331972
- SHA512
  
  45ef7795c6abaf82ef40273b45ccad6bdbb9773ef12ad5c0d003cffad79b920b3f36b2108b0848e23d9443cf20d8567e0a7cdf0906dec09290b7d773b699125a
- SSDEEP
  
  384:H6Lz0OyPaGPbG8FecNrgzbUFPlfRNefMfNq8U8QKWRzpeancfKykJIyfgS9/V+iy:H6Lo1RPbPFHRgzwFPlf/efMTydI8W
Score

10^/10

gink persistence worm
- Gink
  worm gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ginkpersistenceworm

behavioral2

ginkpersistenceworm