gink | fda6d161ee2eab7ed5dd1627875d613438f15e4249c4338ebbead16df88fc59b | Triage

Sharing

General

Target

fda6d161ee2eab7ed5dd1627875d613438f15e4249c4338ebbead16df88fc59b
Size

37KB
Sample

240614-g586essbqp
MD5

25777311a530c455b1e9493c0dc66004
SHA1

894d855ec77894146ca3858c73609fe76a4cccbb
SHA256

fda6d161ee2eab7ed5dd1627875d613438f15e4249c4338ebbead16df88fc59b
SHA512

a55ad378fe34ecf7ee3e1a2879c77fd99661b4cb37d0fa3727c474d368249cfd1282fa3831ea9930d7ed93ece46ebc81ae447bdec06597aa32a76f20bc73fcf9
SSDEEP

768:zsMs6pJ+l9tQwrysoh8LuehzOzxCB/ZB12I8r:zsMt+lpJFLuepOFQB1M

Score

10^/10

gink persistence worm

Malware Config

Targets

- Target
  
  fda6d161ee2eab7ed5dd1627875d613438f15e4249c4338ebbead16df88fc59b
- Size
  
  37KB
- MD5
  
  25777311a530c455b1e9493c0dc66004
- SHA1
  
  894d855ec77894146ca3858c73609fe76a4cccbb
- SHA256
  
  fda6d161ee2eab7ed5dd1627875d613438f15e4249c4338ebbead16df88fc59b
- SHA512
  
  a55ad378fe34ecf7ee3e1a2879c77fd99661b4cb37d0fa3727c474d368249cfd1282fa3831ea9930d7ed93ece46ebc81ae447bdec06597aa32a76f20bc73fcf9
- SSDEEP
  
  768:zsMs6pJ+l9tQwrysoh8LuehzOzxCB/ZB12I8r:zsMt+lpJFLuepOFQB1M
Score

10^/10

gink persistence worm
- Gink
  worm gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginkpersistenceworm

behavioral2

ginkpersistenceworm