gink | fe6b3e98cb975fa5dea21c56c1b2baf4f23085b77348f7edecb8715efde27cf5 | Triage

Sharing

General

Target

fe6b3e98cb975fa5dea21c56c1b2baf4f23085b77348f7edecb8715efde27cf5N.exe
Size

37KB
Sample

241216-srpemsvjhm
MD5

2b5f981fdf8ab6801c53e69c93f7e510
SHA1

f2a7faaecf72c0368e76b1bf070c1634a0b7a66e
SHA256

fe6b3e98cb975fa5dea21c56c1b2baf4f23085b77348f7edecb8715efde27cf5
SHA512

b6971b59b7c9665cbbe38bc9db91f18f9d099e96a7264d9efbb9312745f756f5e65b94ad5e4adafb2cea930ef956f34964a7fb79b6070117508177ae3f98b255
SSDEEP

384:ZdDs3Vt2+AVOiU3sZdz4GUrH7fCtgLewKPzWuEQ+pUH21SceXT9Ft+Flp2FJnI8b:ZdiVtF8GH7atgLF4SUUqXTEFlQFdI8b

Score

10^/10

gink discovery persistence worm

Malware Config

Targets

- Target
  
  fe6b3e98cb975fa5dea21c56c1b2baf4f23085b77348f7edecb8715efde27cf5N.exe
- Size
  
  37KB
- MD5
  
  2b5f981fdf8ab6801c53e69c93f7e510
- SHA1
  
  f2a7faaecf72c0368e76b1bf070c1634a0b7a66e
- SHA256
  
  fe6b3e98cb975fa5dea21c56c1b2baf4f23085b77348f7edecb8715efde27cf5
- SHA512
  
  b6971b59b7c9665cbbe38bc9db91f18f9d099e96a7264d9efbb9312745f756f5e65b94ad5e4adafb2cea930ef956f34964a7fb79b6070117508177ae3f98b255
- SSDEEP
  
  384:ZdDs3Vt2+AVOiU3sZdz4GUrH7fCtgLewKPzWuEQ+pUH21SceXT9Ft+Flp2FJnI8b:ZdiVtF8GH7atgLF4SUUqXTEFlQFdI8b
Score

10^/10

gink discovery persistence worm
- Gink
  worm gink
- Gink family
  gink
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginkdiscoverypersistenceworm

behavioral2

ginkdiscoverypersistenceworm