[Repost] JUST ANOTHER ANALYSIS OF THE NJRAT MALWARE – A STEP-BY-STEP APPROACH
Posted on: 2021-12-6 19:50 7941
JUST ANOTHER ANALYSIS OF THE NJRAT MALWARE – A STEP-BY-STEP APPROACH
By CyberMasterV / November 30, 2021 / Malware analysis
njRAT (Bladabindi) is a .NET RAT (Remote Access Trojan) that allows attackers to take control of an infected machine. This malware has been used by APT actors in targeted attacks in Colombia and by SideCopy, and has been distributed via phishing emails. The version number in our analysis is 0.6.4 and the campaign ID is “splitgateukrayna”. The following commands have been implemented: “proc”, “rss”, “rs”, “rsc”, “kl”, “inf”, “prof”, “rn”, “inv”, “ret”, “CAP”, “P”, “un”, “up”, “RG”. njRAT can also act as a keylogger, because it records the pressed keys in a file that can be exfiltrated using the “kl” command. The rest of the commands are explained in detail in the Technical analysis section.