[Repost] JUST ANOTHER ANALYSIS OF THE NJRAT MALWARE – A STEP-BY-STEP APPROACH
2021-12-6 19:50 4231


JUST ANOTHER ANALYSIS OF THE NJRAT MALWARE – A STEP-BY-STEP APPROACH

By CyberMasterV / November 30, 2021 / Malware analysis


njRAT (Bladabindi) is a .NET RAT (Remote Access Trojan) that allows attackers to take control of an infected machine. This malware has been used by APT actors in targeted attacks in Colombia (https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/) and by SideCopy (https://blog.talosintelligence.com/2021/07/sidecopy.html), and has been distributed via phishing emails (https://labs.k7computing.com/index.php/malspam-campaigns-download-njrat-from-paste-sites/). The version number in our analysis is 0.6.4 and the campaign ID is “splitgateukrayna”. The following commands have been implemented: “proc”, “rss”, “rs”, “rsc”, “kl”, “inf”, “prof”, “rn”, “inv”, “ret”, “CAP”, “P”, “un”, “up”, “RG”. njRAT can also act as a keylogger: it records the pressed keys in a file, which can be exfiltrated using the “kl” command. The rest of the commands will be explained in great detail in the Technical analysis section.


https://cybergeeks.tech/just-another-analysis-of-the-njrat-malware-a-step-by-step-approach/


