gink | 5a5047fa8d03de3f6c871ca917bfb9a92470657d81746338704ca271bd3fcbeb | Triage

Sharing

General

Target

5a5047fa8d03de3f6c871ca917bfb9a92470657d81746338704ca271bd3fcbebN
Size

37KB
Sample

241027-yvebqs1gqf
MD5

1e81298c85f448881add943b85f38560
SHA1

1514a62df53fa6fd7757a47ab73405318d354a34
SHA256

5a5047fa8d03de3f6c871ca917bfb9a92470657d81746338704ca271bd3fcbeb
SHA512

40da2b62965264918af3179642d110f5100885399abb8675514947393e1dcfa52a792fb8d517a82c93860a18bd4370be63bd5f75a26010af7d46009cf7bf783d
SSDEEP

384:FGqJGockNg4sIREXhkpWZiuWYdXs+hnnI8lz:FQki4ZMhkpWZFnfnI8l

Score

10^/10

gink discovery persistence worm

Malware Config

Targets

- Target
  
  5a5047fa8d03de3f6c871ca917bfb9a92470657d81746338704ca271bd3fcbebN
- Size
  
  37KB
- MD5
  
  1e81298c85f448881add943b85f38560
- SHA1
  
  1514a62df53fa6fd7757a47ab73405318d354a34
- SHA256
  
  5a5047fa8d03de3f6c871ca917bfb9a92470657d81746338704ca271bd3fcbeb
- SHA512
  
  40da2b62965264918af3179642d110f5100885399abb8675514947393e1dcfa52a792fb8d517a82c93860a18bd4370be63bd5f75a26010af7d46009cf7bf783d
- SSDEEP
  
  384:FGqJGockNg4sIREXhkpWZiuWYdXs+hnnI8lz:FQki4ZMhkpWZFnfnI8l
Score

10^/10

gink discovery persistence worm
- Gink
  worm gink
- Gink family
  gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginkdiscoverypersistenceworm

behavioral2

ginkdiscoverypersistenceworm