gink | 203a95f9e41b46f5f90415b42fe6454d2b2dde9d153c67dcf3b23366d832afea | Triage

Sharing

General

Target

203a95f9e41b46f5f90415b42fe6454d2b2dde9d153c67dcf3b23366d832afea
Size

37KB
Sample

241015-yaxycashlc
MD5

35497eb3d60daf083641285e9dd313af
SHA1

748072cd4406ca9f08018613943452df3541f5cb
SHA256

203a95f9e41b46f5f90415b42fe6454d2b2dde9d153c67dcf3b23366d832afea
SHA512

b540dae931b972f363fdb43b71b5012990d21a3cea1f3e8cc6fe19425a263f6f75c6518b520f316c56328cc73f4ab15b137ea6c559c6fb188d44e190bb721e8d
SSDEEP

768:VmJwuE3DsQ7C/NJc4j6VxIEYElT5bWxI8R:VmUDs+C/NJdjSLYEp5G

Score

10^/10

gink discovery persistence worm

Malware Config

Targets

- Target
  
  203a95f9e41b46f5f90415b42fe6454d2b2dde9d153c67dcf3b23366d832afea
- Size
  
  37KB
- MD5
  
  35497eb3d60daf083641285e9dd313af
- SHA1
  
  748072cd4406ca9f08018613943452df3541f5cb
- SHA256
  
  203a95f9e41b46f5f90415b42fe6454d2b2dde9d153c67dcf3b23366d832afea
- SHA512
  
  b540dae931b972f363fdb43b71b5012990d21a3cea1f3e8cc6fe19425a263f6f75c6518b520f316c56328cc73f4ab15b137ea6c559c6fb188d44e190bb721e8d
- SSDEEP
  
  768:VmJwuE3DsQ7C/NJc4j6VxIEYElT5bWxI8R:VmUDs+C/NJdjSLYEp5G
Score

10^/10

gink discovery persistence worm
- Gink
  worm gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginkdiscoverypersistenceworm

behavioral2

ginkdiscoverypersistenceworm