njRAT

Malware updated 23 days ago (2024-11-29T13:46:15.560Z)
Download STIX
Preview STIX
NjRAT is a remote-access Trojan (RAT) that has been in use since 2013, often deployed in both criminal and targeted attacks. This malware can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, NjRAT can steal personal information, disrupt operations, or even hold data for ransom. It is capable of identifying remote hosts on connected networks (T1018), detecting peripheral devices such as cameras during initial infection (T1120), and executing keylogging, stealing, reverse shell, and USB propagation functions. The attackers have been observed using a variety of RATs including Remcos, AsyncRAT, Lime-RAT, Quasar RAT, and BitRAT, along with NjRAT. Interestingly, it has been noted that RATs like NjRAT and infostealers like Lokibot leverage the same Command and Control (C2) infrastructure as targeted attacks. These tactics include customizing publicly available RATs like NjRAT and AsyncRAT for espionage or financial theft. The BlindEagle group, also known as APT-C-36, has been seen running operations using NjRAT among other RATs. In recent developments, manufacturing organizations across North America have been targeted by the financially motivated Blind Eagle threat operation. The attackers leveraged the Ande Loader malware to deliver remote access trojans, including NjRAT. The campaign employed this loader to deliver both Remcos RAT and NjRAT. These attacks were facilitated by phishing emails containing RAR and BZ2 archives, which led to the distribution of NjRAT.
Description last updated: 2024-10-01T14:15:43.921Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Dcrat is a possible alias for njRAT. DcRAT is a malicious software (malware) known as a Remote Access Trojan (RAT), which has been utilized in a widespread campaign to exploit computer systems. The malware infiltrates systems through deceptive methods, including downloads from fake Google Meet and OnlyFans sites. When a user interacts
4
Bladabindi is a possible alias for njRAT. Bladabindi, also known as njRAT, is a remote access trojan (RAT) malware first discovered in 2013. It poses a significant threat to the privacy, security, and integrity of infected systems, allowing attackers to execute commands on the host, log keystrokes, and remotely activate the victim's webcam
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Rat
Trojan
Payload
Windows
Phishing
Cobalt Strike
Espionage
Android
Ransomware
Implant
Github
Crypter
Remcos
Dropper
Skype
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Agenttesla Malware is associated with njRAT. AgentTesla is a well-known Remote Access Trojan (RAT) and infostealer malware that has been used in numerous cyber-attacks. It is often delivered through malicious emails or downloads, and once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for ransUnspecified
5
The AsyncRAT Malware is associated with njRAT. AsyncRAT is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. It has recently risen to prominence, raUnspecified
4
The NanoCore Malware is associated with njRAT. NanoCore is a notorious Remote Access Trojan (RAT) first discovered in 2013. It targets Windows operating system users and operates by opening a backdoor on an infected computer to steal information. NanoCore has maintained a top five position for six consecutive months, taking the third spot in DecUnspecified
3
The Spynote Malware is associated with njRAT. SpyNote is a malicious software (malware) designed to exploit and damage computer systems, often infecting devices through suspicious downloads, emails, or websites. A newer variant of SpyNote has been observed using the Accessibility API to target well-known cryptocurrency wallets. The malware is dUnspecified
3
The DarkComet Malware is associated with njRAT. DarkComet is a Remote Access Trojan (RAT) that opens a backdoor on infected computers, allowing unauthorized access and data theft. This malware has been classified among the top five Command and Control (C2) families, indicating its widespread usage by cybercriminals. DarkComet, along with other esUnspecified
2
The Redline Malware is associated with njRAT. RedLine is a type of malware, or malicious software, designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data hostage forUnspecified
2
Source Document References
Information about the njRAT Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securelist
3 months ago
Checkpoint
4 months ago
Securelist
4 months ago
Checkpoint
7 months ago
CERT-EU
9 months ago
CERT-EU
9 months ago
CERT-EU
9 months ago
CERT-EU
9 months ago
InfoSecurity-magazine
9 months ago
CERT-EU
10 months ago
DARKReading
10 months ago
InfoSecurity-magazine
10 months ago
CERT-EU
10 months ago
CERT-EU
a year ago
MITRE
a year ago
Checkpoint
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago