gink | 47c0ffc0e14bca5eb34de92c269640f44bd8229534993ac23c4dc2874491fc6a | Triage

Sharing

General

Target

47c0ffc0e14bca5eb34de92c269640f44bd8229534993ac23c4dc2874491fc6a_NeikiAnalytics.exe
Size

37KB
Sample

240625-kc55vayfkf
MD5

030f285cc1f00916c135e39ae8b17a80
SHA1

69c608c3b375e472f76793dd97909bb5003a37c5
SHA256

47c0ffc0e14bca5eb34de92c269640f44bd8229534993ac23c4dc2874491fc6a
SHA512

f8ca55d6620a4c332cb0e66127ef39bc7bd1da02e51b204a5dbf642c355a6232dcbd6ef85b919cb210ff97b2b42d34c0b534678b66c643c24574955c75b4339d
SSDEEP

384:fWq2USgaIjdtI5iyAZXXKBe0VkOW2o5PYipZEvzEHivs6BYnI86pB:frrSsdS5ivge0VkOzbUBI8

Score

10^/10

gink persistence worm

Malware Config

Targets

- Target
  
  47c0ffc0e14bca5eb34de92c269640f44bd8229534993ac23c4dc2874491fc6a_NeikiAnalytics.exe
- Size
  
  37KB
- MD5
  
  030f285cc1f00916c135e39ae8b17a80
- SHA1
  
  69c608c3b375e472f76793dd97909bb5003a37c5
- SHA256
  
  47c0ffc0e14bca5eb34de92c269640f44bd8229534993ac23c4dc2874491fc6a
- SHA512
  
  f8ca55d6620a4c332cb0e66127ef39bc7bd1da02e51b204a5dbf642c355a6232dcbd6ef85b919cb210ff97b2b42d34c0b534678b66c643c24574955c75b4339d
- SSDEEP
  
  384:fWq2USgaIjdtI5iyAZXXKBe0VkOW2o5PYipZEvzEHivs6BYnI86pB:frrSsdS5ivge0VkOzbUBI8
Score

10^/10

gink persistence worm
- Gink
  worm gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ginkpersistenceworm

behavioral2

ginkpersistenceworm