The njRAT Family
Introduction
This page is part of my series: Inside Different Generations of RATs, and serves as a reference hub for navigating njRAT-related analysis articles.
It provides an overview of the njRAT family, including its major versions and known variants.
If you are interested in the full series, please refer to the linked page above.
This page will be continuously updated as new research is added.
njRAT
njRAT, also known as Bladabindi, is a remote access tool (RAT) with a graphical user interface that allows operators to control a victim’s machine. It was first found in June 2013 with some variants traced to November 2012.
It was reportedly developed by a hacking group called M38dHhM and was often used against targets in the Middle East.
njRAT has many versions, and numerous variants can be found online. One of the most famous versions is the Lime Edition.
Supplement: I didn’t find any source of why it was named “Bladabindi”, but balad (بلد) means “country” or “place” in Arabic. In addition, the author is named njq8, which is probably why the RAT is also known as njRAT.
njRAT is also one of the RATs that inspired my project DuplexSpy.
The njRAT Family
Note: Some RAT versions have minimal changes; therefore, certain nodes in the family tree may point to the same article. This is intentional. The table below lists all analyzed RAT versions and editions, with each article corresponding to a distinct version to maintain clarity and avoid overlap.
| RAT Version | Article |
|---|---|
| njRAT v0.7d | Analyzing njRAT v0.7d |
| njRAT v0.9d | Analyzing njRAT v0.9d |
| njRAT Lime/Green Edition | Analyzing njRAT Lime and Green Edition |
Many variants are derived from njRAT v0.7, making it a foundational version for understanding the evolution of this malware family. Therefore, analyzing v0.7 provides critical insights into the design patterns reused across later variants.
The variants can be broadly classified into two categories:
- Official versions: v0.7, v0.9, v0.10
- Modified / weaponized editions: Lime, Green, Danger, Golden, etc.
Most modified editions are derived from v0.7, inheriting its core architecture while introducing additional features such as DDoS, ransomware, or anti-analysis mechanisms.
THANKS FOR READING