
Backdoor.Ratenjay

By Domesticus in Backdoors

Backdoor.Ratenjay (njRAT) is a dangerous RAT, or Remote Access Trojan, that is used to take over victims' computers and control them from a remote location, and to track their information or activities. Backdoor.Ratenjay is especially prevalent in the Middle East. In most cases, RATs like Backdoor.Ratenjay may be associated with botnets, that is, vast networks of infected computers that can be controlled as a group to carry out combined attacks. A botnet is the kind of threat that may be used to carry out DDoS (Distributed Denial of Service) attacks on specific targets to overwhelm them and make them inaccessible, to send massive amounts of spam email messages, to launder money, to conceal harmful online activities, and to support a variety of other suspicious activities. RATs may be an effective weapon in conflicts, and the Middle East is no exception. Backdoor.Ratenjay is the most widely used RAT in countries ranging from North Africa (for example, Algeria or Tunisia) to Middle Eastern countries such as Kuwait and Iraq.

Shooing this RAT out of Your Computer

Backdoor.Ratenjay is very similar to the most widely used RATs. Backdoor.Ratenjay may execute malicious code on infected computers, modify the infected computer's settings, track the victim's activities by taking screenshots or logging keystrokes, access the infected computer's webcam, and carry out a variety of other potentially harmful activities. Malware researchers first detected Backdoor.Ratenjay in June of 2013 and, currently, there are three distinct versions of this threat that are active. In most cases, Backdoor.Ratenjay is distributed using infected USB drives or folders shared on a network.

Why Backdoor.Ratenjay is So Popular in the Middle East

The popularity of Backdoor.Ratenjay in this part of the world is due to two factors. First, Backdoor.Ratenjay is developed by hackers in Kuwait, who update Backdoor.Ratenjay regularly and have adapted it for use in this region. Second, this part of the world is currently undergoing numerous political and social upheavals in which hacking and online activism are tremendously important. RATs like Backdoor.Ratenjay are tremendous weapons for both sides of the conflict.

File System Details

Backdoor.Ratenjay may create the following file(s):
1. %Temp%\[THREAT FILE NAME].exe
2. %ProgramFiles%\Startup\[RANDOM NAME].exe
3. %SystemDrive%\! My Picutre.SCR
4. %DriveLetter%\! My Picutre.SCR

[THREAT FILE NAME] may be one of the following strings: driver, Trojan, WinRAR, adobe

Registry Details

Backdoor.Ratenjay may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%Temp%\[THREAT FILE NAME]" = "%Temp%\[THREAT FILE NAME]:*:Enabled:[THREAT FILE NAME]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[DIGITS AND NUMBERS]" = "\%Temp%\[THREAT FILE NAME]\"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"CleanShutdown" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[DIGITS AND NUMBERS]" = "\%Temp%\[THREAT FILE NAME]\"
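
The file and registry templates listed above, turned into a triage check over collected Run-key values, firewall allow-list values and file paths. This is an added example, not part of the original entry; it assumes %Temp% appears either unexpanded or as a per-user AppData\Local\Temp path, and the function names and sample records are constructed for illustration.

```python
import re

# [THREAT FILE NAME] strings listed on this page.
NAME = r"(?:driver|Trojan|WinRAR|adobe)"
# Assumption: %Temp% is seen unexpanded or as a per-user AppData\Local\Temp path.
TEMP = r"(?:%Temp%|[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp)"
RUN_KEY = re.compile(r"^HKEY_(?:CURRENT_USER|LOCAL_MACHINE)\\Software\\Microsoft"
                     r"\\Windows\\CurrentVersion\\Run$", re.I)
FW_KEY = re.compile(r"\\StandardProfile\\AuthorizedApplications\\List$", re.I)
# Run data: a (possibly quoted) path to the Temp copy; ".exe" may be absent.
RUN_DATA = re.compile(rf'^[\\"]*{TEMP}\\{NAME}(?:\.exe)?[\\"]*$', re.I)
# Firewall data: <path>:*:Enabled:<name>
FW_DATA = re.compile(rf"^{TEMP}\\{NAME}(?:\.exe)?:\*:Enabled:{NAME}$", re.I)
FILE_RULES = [
    ("dropped copy in Temp", re.compile(rf"^{TEMP}\\{NAME}\.exe$", re.I)),
    ("exe in ProgramFiles Startup", re.compile(
        r"^(?:%ProgramFiles%|[A-Z]:\\Program Files(?: \(x86\))?)"
        r"\\Startup\\[^\\]+\.exe$", re.I)),
    ("SCR copy at drive root", re.compile(
        r"^(?:%SystemDrive%|%DriveLetter%|[A-Z]:)\\! My Picutre\.SCR$", re.I)),
]

def check_registry(key, data):
    """Label a registry value that fits one of the page's templates, else None."""
    if RUN_KEY.match(key) and RUN_DATA.match(data):
        return "Run autostart from Temp"
    if FW_KEY.search(key) and FW_DATA.match(data):
        return "firewall allow-list entry for Temp binary"
    return None

def check_file(path):
    """Label a path that fits one of the page's file templates, else None."""
    return next((label for label, rx in FILE_RULES if rx.match(path)), None)

def triage(reg_values, paths):
    """Return (item, label) for each registry value or path that matches."""
    hits = [((k, d), check_registry(k, d)) for k, d in reg_values]
    hits += [(p, check_file(p)) for p in paths]
    return [(item, label) for item, label in hits if label]

# Constructed sample input (not taken from a real host).
RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_REG = [(RUN, r'"C:\Users\alice\AppData\Local\Temp\Trojan.exe"'),
              (RUN, r'"C:\Program Files\Vendor\updater.exe" /background')]
SAMPLE_PATHS = [r"E:\! My Picutre.SCR", r"C:\Users\alice\Pictures\holiday.scr"]

if __name__ == "__main__":
    for item, label in triage(SAMPLE_REG, SAMPLE_PATHS):
        print(label, "->", item)
```

The four file names are generic, so a hit is a lead to verify against the other indicators rather than a verdict on its own.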
