2025-03-10 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
How does the remote control tool njRAT implement one-click encryption and decryption? Many people without hands-on experience do not know how to approach this, so this article summarizes the causes of the problem and the solutions. I hope it helps you solve this problem.
0x0 background
NjRAT has been around since at least 2013 and is one of the most popular malware families. The malware is built on the .NET Framework and gives attackers remote control of the infected system, uses dynamic DNS for command and control (C&C), and communicates over a custom TCP protocol on configurable ports. The new version, known as njRAT Lime Edition, adds support for ransomware infection, a Bitcoin grabber and distributed denial of service (DDoS), as well as the ability to record keystrokes, spread through USB drives, steal passwords and lock the screen.
0x1 experiment
Practice is the only criterion for testing truth, so a simulated ransomware scenario is set up here.
| IP | OS | Remark |
|---|---|---|
| 192.168.184.139 | Windows 2008 R2 | Victim |
| 192.168.184.140 | Windows 2008 R2 | Hacker |
The njRAT Lime Edition is installed on the attacking machine. The file structure of this version is a little clearer than that of the previous version.
The server is run after the port and key are set. When generating the client, either a client or a downloader can be produced.
There are more options when generating the client. The Bitcoin grabber stands out in particular, and the other common functions are all present:
- Hidden file path
- Spreading through USB drives
- Killing security software
- Run at startup
- Add registry entry
- Daemon process
After the generated client is run on the Victim machine, the server receives a connected session that shows some information about the Victim computer.
Operating on the victim session exposes many more commonly used functions, such as one-click ransomware, Bitcoin, stress testing (Slowloris), UAC bypass, killing security software, shutting down, deleting cookies and so on. There is even a torrent function.
Here is a test of the one-click ransomware encryption:
The files on the client are encrypted into files whose names end in Lime, and the desktop background is changed.
After decrypt is pressed, the files are restored.
0x2 situation on the victim side
On the victim side you can see the process running on the machine. Its file path is under the hidden directory APPDATA, and it has no parent process.
A startup entry and a registry entry have been added.
Finally, you can use textMessages to leave a message.
0x3 protection recommendations
1. Such attacks are mostly spread through e-mail attachments, so treat suspicious e-mail attachments with caution, caution and more caution.
2. Bundled software installers are another common way of spreading, so download software from the official website or from a trusted third-party source.
3. Install local security software to detect and remove malicious files in time.
4. Security is no small matter: be careful every day, keep improving your security knowledge, and visit Freebuf daily.
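The victim-side traces described in section 0x2 (a process running from APPDATA with no parent process, an added startup registry entry) and the files renamed to end in Lime can be checked for in endpoint telemetry. The following is an added example, not part of the original article; the event schema, the sample events, the Run-key location and the rename threshold are all assumptions constructed for illustration.

```python
from collections import Counter

# Assumption: the startup entry is a value under a standard Run key.
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
RENAME_BURST = 3  # constructed threshold for renames by one process

def in_appdata(path):
    return "\\appdata\\" in path.lower()

def triage(events):
    """Return sorted (rule, subject) findings for the victim-side traces."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    findings, renames = set(), Counter()
    for e in events:
        if e["type"] == "process":
            # Image under AppData whose parent PID is not a known process.
            if in_appdata(e["image"]) and e["ppid"] not in procs:
                findings.add(("orphan_appdata_process", e["image"]))
        elif e["type"] == "reg_set":
            # Autostart value whose data points into AppData.
            parent_key = e["key"].rpartition("\\")[0].lower()
            if parent_key.endswith(RUN_KEY) and in_appdata(e["data"]):
                findings.add(("appdata_autostart", e["key"]))
        elif e["type"] == "rename" and e["new"].lower().endswith("lime"):
            renames[e["pid"]] += 1
    for pid, count in renames.items():
        if count >= RENAME_BURST:
            # Many files renamed to end in "Lime" by a single process.
            image = procs.get(pid, {}).get("image", "pid %d" % pid)
            findings.add(("lime_rename_burst", image))
    return sorted(findings)

# Constructed sample telemetry in a simplified, hypothetical schema.
CLIENT = r"C:\Users\test\AppData\Roaming\client.exe"
SAMPLE = [
    {"type": "process", "pid": 1480, "ppid": 700, "image": r"C:\Windows\explorer.exe"},
    {"type": "process", "pid": 2104, "ppid": 3999, "image": CLIENT},
    # Benign contrast: runs from AppData but has a live parent.
    {"type": "process", "pid": 2200, "ppid": 1480,
     "image": r"C:\Users\test\AppData\Local\App\updater.exe"},
    {"type": "reg_set", "pid": 2104, "data": CLIENT,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\client"},
] + [{"type": "rename", "pid": 2104,
      "new": r"C:\Users\test\Desktop\doc%d.txt.Lime" % i} for i in range(3)]

if __name__ == "__main__":
    for rule, subject in triage(SAMPLE):
        print(rule, subject)
```

Each rule on its own produces false positives, since legitimate updaters also run from AppData and register autostart entries; the combination on a single process is the stronger signal.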