Extracted

• • Target

    pisun.exe

  • Size

    54KB

  • MD5

    45140e967970cd63521eaa76dc4db7d7

  • SHA1

    aae8aa4c5fb8e1d5a830f1f095d7550a89b7634a

  • SHA256

    3990ab6d73f0a92606cb4c86d39e077f014da65413a264be94d03ca8478e64b8

  • SHA512

    d8c5274fc1c66700c3fb63527973cb20106070698eebdf90e6b3f9ace371e34a653e382f949683d9aab0cb33fdd00ab2b943e499a4d2d6f42a24822fa2142129

  • SSDEEP

    768:U8I0g652Esltuq55JR2ET3NwJSNbxWQG35bmaePD5PvXOC2XXJdxIEpmvg:U8ZVGtZ5DTCGlWQcGD0LX3xIEpmvg

  Score

  10^/10

  njratramnitbankerbootkitdefense_evasiondiscoverypersistenceprivilege_escalationspywarestealertrojanupxworm

  • Njrat family

    njrat

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit

  • Ramnit family

    ramnit

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Disables RegEdit via registry modification

    defense_evasion

  • Disables Task Manager via registry modification

    defense_evasion

  • Manipulates Digital Signatures

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Executes dropped EXE

  • Modifies file permissions

    discovery

  • Power Settings

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1