Our preliminary investigation uncovered a significant correlation between the dissemination of the njRAT malware and a favored technique employed by Threat Actors (TAs). This technique entails exploiting the trust and prevalence of popular and legitimate applications such as TeamViewer, Wireshark, Process Hacker, and others.

NjRAT, commonly called Bladabindi, is a type of Remote Access Trojan (RAT) initially uncovered in 2012. This malware is primarily employed in attacks aimed at organizations located in Middle Eastern nations. NjRAT can perform various malicious activities such as logging keystrokes, taking screenshots, stealing passwords, exfiltrating data, accessing webcams and microphones, downloading additional files, etc.

In addition to its typical distribution methods, such as phishing campaigns, cracked software on file-sharing websites, and drive-by downloads, this njRAT sample is also being distributed through trojanized applications.

The malware sample we have identified is a 32-bit Smart Installer, with a SHA-256 hash of “224ae485b6e4c1f925fff5d9de1684415670f133f3f8faa5f23914c78148fc31” (shown in the figure below).

Upon execution, the aforementioned installer drops two files in the Windows folder, and the names of these files include the term “TeamViewer”. One of the files dropped in the Windows folder is njRAT, while the other is a genuine TeamViewer application, as shown in the figure below.

Figure 2 – Files dropped in the Windows folder

After dropping the files in the Windows folder, the installer triggers the execution of “TeamViewer Starting.exe” (njRAT) and subsequently launches the legitimate “teamviewer.exe” application. The figure below displays the user prompt window, providing the option to proceed with the TeamViewer installation.

Figure 3 – TeamViewer installation wizard

Simultaneously, the njRAT initiates its installation process by copying itself into the “AppData\Local\Temp” directory with the filename “system.exe”.
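The behaviors described above can be turned into a simple hunt over endpoint telemetry. The following is an added example, not code from the original write-up: it checks simplified Sysmon-style process-creation (Event ID 1) and file-creation (Event ID 11) records for the installer hash, the dropped “TeamViewer Starting.exe” running from the Windows folder, and the “system.exe” copy in the Temp directory. The event dictionaries, host names, rule names and the `C:\Windows` location are assumptions made for illustration.

```python
import ntpath

# Indicators taken from the write-up above.
INSTALLER_SHA256 = "224ae485b6e4c1f925fff5d9de1684415670f133f3f8faa5f23914c78148fc31"
DROPPED_NAME = "teamviewer starting.exe"
TEMP_COPY = "\\appdata\\local\\temp\\system.exe"
WINDOWS_DIR = "c:\\windows\\"  # assumption: default %SystemRoot%

def check_event(ev):
    """Return the names of the rules a single event matches."""
    hits = []
    image = ev.get("Image", "").lower()
    from_dropper = ntpath.basename(image) == DROPPED_NAME
    if ev.get("EventID") == 1:  # process creation
        if "sha256=" + INSTALLER_SHA256 in ev.get("Hashes", "").lower():
            hits.append("installer_hash")
        if from_dropper and image.startswith(WINDOWS_DIR):
            hits.append("dropped_binary_executed")
    elif ev.get("EventID") == 11:  # file creation
        if ev.get("TargetFilename", "").lower().endswith(TEMP_COPY):
            # Stronger signal when the writer is the dropped binary itself.
            hits.append("self_copy_to_temp" if from_dropper else "system_exe_in_temp")
    return hits

def scan(events):
    """Group matched rule names by host."""
    findings = {}
    for ev in events:
        for rule in check_event(ev):
            findings.setdefault(ev["Computer"], set()).add(rule)
    return findings

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS-01", "Image": r"C:\Users\amy\Downloads\tv_setup.exe",
     "Hashes": "MD5=00000000000000000000000000000000,SHA256=" + INSTALLER_SHA256.upper()},
    {"EventID": 1, "Computer": "WS-01", "Image": r"C:\Windows\TeamViewer Starting.exe", "Hashes": ""},
    {"EventID": 11, "Computer": "WS-01", "Image": r"C:\Windows\TeamViewer Starting.exe",
     "TargetFilename": r"C:\Users\amy\AppData\Local\Temp\system.exe"},
    {"EventID": 1, "Computer": "WS-02", "Image": r"C:\Program Files\TeamViewer\TeamViewer.exe",
     "Hashes": "SHA256=" + "0" * 64},
]

if __name__ == "__main__":
    for host, rules in scan(SAMPLE_EVENTS).items():
        print(host, sorted(rules))
```

The genuine TeamViewer process on the second constructed host matches nothing, since the rules key on the dropped file name and location rather than on the word “TeamViewer” alone.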