Despite being over a decade old, NjRAT remains a significant threat. It consistently ranks among the most frequently encountered RATs in the wild.
The "V9.0d" in the filename indicates a specific variant or version of this malware. The ".rar" extension tells us the malicious files are packaged in a compressed archive (similar to a .zip file), a common tactic used to bypass basic security scans and bundle the malware with other components. NjRAT is coded using the Microsoft .NET framework, which allows attackers to easily customize and build new versions using a graphical user interface (GUI) builder.
Sent as email attachments disguised as urgent invoices, shipping documents, or software updates. Technical Indicators of Compromise (IoCs)
Disconnect the affected computer from the local network and Wi-Fi to stop data exfiltration. Njrat-V9.0d.rar
This is the graphical user interface (GUI) application used by threat actors to generate custom malware executables. The builder allows the attacker to specify command-and-control (C2) server IP addresses, select port numbers, and choose specific malicious features to embed.
Security tools typically identify this malware through specific registry keys and file paths. For instance, njRAT often creates a startup entry in the Windows Registry to maintain persistence:
[Malware File] ---> [Compressed into RAR] ---> [Password Protected] ---> Bypass Antivirus Scanners Despite being over a decade old, NjRAT remains
Known NjRAT samples have hashes including:
The analysis of the file was conducted using a combination of static and dynamic analysis techniques. The file was first scanned with antivirus software to identify any known threats. Subsequently, the file was extracted and analyzed using various tools, including disassemblers, debuggers, and network traffic analysis software.
Captures every keystroke typed by the user to steal passwords, credentials, and personal messages. : Capture passwords
: Modern Endpoint Detection and Response (EDR) tools are highly effective at spotting the behavioral patterns of njRAT.
: Capture passwords, credit card numbers, and personal messages.