njRAT is one of the oldest and popular remote access trojan (RAT) in the malware world. njRAT is also known as Bladabindi RAT Njw0rm RAT. The reason of its popularity is the fact its source code is available and YouTube has tons of tutorials on it. njRAT has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives. The new version of njRAT has added some more popular features, such as ransomware, DDOS, BTC wallet collection and antivirus bypass techniques. The creator of njRAT was an underground hacker community named Sparclyheason.
njRAT (Bladabindi) Signatures
Family: Backdoor:MSIL/Bladabindi.AL
MD5: 061d333ad7d861e2888ff24e38de0b2d
SHA256: 4bf2c2650886b1e1a3c7a4139558d3eefb465f8559e73df42d7b0f37287f6d46
njRAT (Bladabindi) Download
njRAT Source Code Download
Note: Password of the source code archive is
infected-RAT