gink | ea04a2c6b205c608715116bdbb730b00466dae52b6575c2ae5f7a330e256bef1 | Triage

Sharing

General

Target

2a488a90c203457aecf4ad316a703220_NeikiAnalytics.exe
Size

37KB
Sample

240604-egkf2scc41
MD5

2a488a90c203457aecf4ad316a703220
SHA1

c600f751fbcffe3db0c7a62b7da316e9e848350b
SHA256

ea04a2c6b205c608715116bdbb730b00466dae52b6575c2ae5f7a330e256bef1
SHA512

f9ecc3551e46861d260c530e58ddd0eb35a3ea3495be007e857d8108df061b28c8c8818965e68eb87680437d1b9544f568d5f621f621ca189e1fa65533587985
SSDEEP

384:H5+UTsRkgWHZcXnDYc+4Yxt/4j5X/HLcyGgl185nI87hGr:H5hgkgWGXDYc+Vxt/49jz8I8w

Score

10^/10

gink persistence worm

Malware Config

Targets

- Target
  
  2a488a90c203457aecf4ad316a703220_NeikiAnalytics.exe
- Size
  
  37KB
- MD5
  
  2a488a90c203457aecf4ad316a703220
- SHA1
  
  c600f751fbcffe3db0c7a62b7da316e9e848350b
- SHA256
  
  ea04a2c6b205c608715116bdbb730b00466dae52b6575c2ae5f7a330e256bef1
- SHA512
  
  f9ecc3551e46861d260c530e58ddd0eb35a3ea3495be007e857d8108df061b28c8c8818965e68eb87680437d1b9544f568d5f621f621ca189e1fa65533587985
- SSDEEP
  
  384:H5+UTsRkgWHZcXnDYc+4Yxt/4j5X/HLcyGgl185nI87hGr:H5hgkgWGXDYc+Vxt/49jz8I8w
Score

10^/10

gink persistence worm
- Gink
  worm gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginkpersistenceworm

behavioral2

ginkpersistenceworm