Cybercrime, new NjRAT banking-themed campaign

Technical analysis by the Malware Hunter JAMESWT

New NjRAT banking-themed campaign. The email's RAR attachment contains a BAT file which, when run, converts itself into an EXE: the malware itself. ISIS also fell victim to the malicious code.

NjRAT V2.0 hides in a fake email requesting confirmation of bank details.

The rar attachment contains a bat file that, when executed, converts itself into an exe: the malware itself.

This, if opened, activates the chain of infection. NjRAT, aka Bladabindi, is a Remote Access Tool (RAT) that allows an attacker to take control of the victim’s computer. Features include manipulating files and the registry, opening a remote shell and stealing passwords saved in browsers and other applications. The malware's victims also include ISIS jihadists: in 2017 someone hacked an Islamic State site, making its users download NjRAT disguised as an Adobe Flash Player update.

Malware C2

