Threat Database Ransomware njRAT Lime Edition

njRAT Lime Edition

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 1,520
Threat Level: 80 % (High)
Infected Computers: 6,042
First Seen: August 12, 2016
Last Seen: September 21, 2023
OS(es) Affected: Windows

The njRAT Lime Edition is a Remote Access Trojan that has ransomware capabilities apart from allowing cybercrooks to gain remote access to the infected computers. The njRAT Lime Edition was first observed on December 6, 2017. The njRAT Lime Edition includes an encryption engine that makes the victim's files useless, allowing its perpetrators to demand ransom payments from their victims, as well as backdoor capabilities that allow the cybercrooks to gain access to the infected PC.

The Sour Taste of a njRAT Lime Edition Infection

The njRAT Lime Edition is being advertised on the Dark Web, as well as on various hacking websites and videos on the open Internet. Developed by someone going by the handle 'Mr3x3,' the njRAT Lime Edition is being advertised as having the following features in its attack (this text is part of the njRAT Lime Edition's advertising material):

[+]Added Ransomware
[+]Added Stress Test \\ slowloris and ARME
[+]Added PC specification \\ Get info CPU GPU RAM
[+]Added BTC wallet finder
[+]Added Changing Wallpaper
[+]Smarter USB Spread
[+]Smarter [Logs]
[+]Updated anti-process \\ Now if you click ON this make it always on even after restart until you press OFF
[+]Updated bitcoin \\ Also ON will make it run after restart until OFF is pressed
[+]Fixed MessageBox not being showed on top
[+]Fixed Copy To startup
[+]Fixed Active Window weird symbols
[+]And more bugs were Fixed
[+]Updated Support Folder \\ Now it's cleaner and easy to read

It seems that the main attraction of the njRAT Lime Edition is the addition of a ransomware feature, which allows the cybercrooks to make money from having infected the victim's computer immediately. The njRAT Lime Edition displays the following ransom note on victims' computers:

'All your files have been locked
You can get them back, Just pay us 200$ as Bitcoin
Our bitcoin address is
BTC TEST 12345678990000120233
Watch this video to learn how to pay us
This is not e joke. This is a ransomware'

How the njRAT Lime Edition Attack Works

The njRAT Lime Edition is associated with a threat building kit that the cybercrooks can use to create personalized versions of the njRAT Lime Edition. The njRAT Lime Edition marks the files encrypted in its attack by adding the file extension '.Lime' to the end of each affected file's name in its default version. The njRAT Lime Edition has all of the features of a backdoor Trojan coupled with the features of an encryption ransomware Trojan. Like most backdoor Trojans, the njRAT Lime Edition is designed to allow the cybercrooks to gain remote access to infected computers. The njRAT Lime Edition also allows third parties to monitor the victim's activities, gather data, and collect information, as well as control the infected computer from a remote location. Additionally, the njRAT Lime Edition's ransomware module allows the cybercrooks to carry out ransomware attacks. The njRAT Lime Edition will use a strong encryption algorithm to make the victim's files out of reach, and then demand that the victim pays a ransom of 200 USD in exchange for the decryption key, which is needed to restore the affected files. This combination allows these people to carry out devastating attacks on their victims.

Protecting Your Computer from Threats Like the njRAT Lime Edition

The best protection against backdoor Trojans like the njRAT Lime Edition is to have a strong security program that is fully up-to-date and take precautions when handling any suspicious material, such as unsolicited email attachments or online links. To protect yourself and your machine against ransomware Trojans, you must have file backups. If a Trojan like the njRAT Lime Edition encrypts your files, having the ability to restore your files from a backup copy means that there is no need to contact the cybercrooks or pay the ransom to recover from a njRAT Lime Edition attack. A combination of strong security software and reliable backup methods is proven to be the best method to protect your data from the njRAT Lime Edition.

SpyHunter Detects & Remove njRAT Lime Edition

File System Details

njRAT Lime Edition may create the following file(s):
# File Name MD5 Detections
1. pw.dll db87daf76c15f3808cec149f639aa64f 830
2. Mono.Cecil.dll 851ec9d84343fbd089520d420348a902 87
3. Wind.exe 53a9de48e432d5587bb93bc5a8c7bb8b 1
4. file.exe a78b8d72a78767f92e9d93cdc995d9ae 0
5. file.exe cd312c275495e39ca7d9b186e146dd62 0
6. file.exe 1e6e5b00496d3c6629568fef18ceb5a0 0
7. file.exe c4ad44a1718771aaf94670d07652c5dd 0
8. file.exe de08894d497e63ef412a144274166ea4 0
9. AL-BASHA NJRAT CLEAN CRYPTER.EXE 98ff2a318c13d486f34f81459f9d5fc8 0
10. 2a4b142a5249f32d552712bf01d18f23 2a4b142a5249f32d552712bf01d18f23 0
11. 4bbc15dba26f9d7ae8c2e3ec8a63dd4d 4bbc15dba26f9d7ae8c2e3ec8a63dd4d 0
12. file.exe 69453f86115bf0ad1c718e5ec9253a70 0
13. file.exe a9f81658b17624154c7936935b3bb6b1 0

Registry Details

njRAT Lime Edition may create the following registry entry or registry entries:
File name without path
VIP Script.exe
Regexp file mask
%TEMP%\Console Window Host.exe


Most Viewed