Massive Malware Serving Campaign Abuses Portmap A Web Based Port Forwarding Solution - An Analysis

November 15, 2022
Dear blog readers,

In this post I've decided to further profile a currently circulating malware and njRAT-dropping campaign that uses a popular web-based port forwarding solution (Portmap) as its C&C server, with the idea of providing everyone with the necessary situational awareness and technical details regarding the campaign.

Sample campaign C&C and associated domains analysis:

MD5: d8191eee2d99a00cb664d100ffc73b9c
hxxp://enderop44-36084.portmap.host - 193.161.193.99
URL: hxxp://www.cofo.ga/a/KeyOneA.exe
Botnet C&C: hxxp://cofo.ga - hxxp://52.70.248.161; hxxp://193.161.193.99
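To turn the campaign's C&C details and the generic Portmap abuse pattern into something a defender can run over their own telemetry, here is an added example (my own code, not part of the original post) that scans constructed proxy log lines for the indicators quoted above and for any `<label>-<port>.portmap.host` forwarding endpoint. The log format (timestamp, client, destination host, destination IP) and the sample lines are assumptions.

```python
import re
from ipaddress import ip_address

# Indicators quoted in the post, with the defanged hxxp:// prefixes stripped
KNOWN_C2_HOSTS = {"enderop44-36084.portmap.host", "cofo.ga", "www.cofo.ga"}
KNOWN_C2_IPS = {"193.161.193.99", "52.70.248.161"}

# Generic shape of a Portmap forwarding endpoint: <label>-<port>.portmap.host
PORTMAP_RE = re.compile(
    r"^(?P<label>[a-z0-9][a-z0-9-]*)-(?P<port>\d{1,5})\.portmap\.host$", re.I
)

# Constructed sample proxy log (assumed format): ts client dst_host dst_ip
SAMPLE_LOG = """\
2022-11-15T10:01:02Z 10.0.0.12 www.cofo.ga 52.70.248.161
2022-11-15T10:01:05Z 10.0.0.12 enderop44-36084.portmap.host 193.161.193.99
2022-11-15T10:02:10Z 10.0.0.7 example.com 93.184.216.34
2022-11-15T10:03:44Z 10.0.0.9 someuser-10500.portmap.host 203.0.113.5
"""


def classify(host, ip):
    """Return the reasons a destination deserves triage; empty list if none."""
    reasons = []
    if host.lower() in KNOWN_C2_HOSTS:
        reasons.append("known C&C host")
    if ip in KNOWN_C2_IPS:
        reasons.append("known C&C IP")
    # Any other Portmap endpoint is only a lead: the service itself is legitimate
    m = PORTMAP_RE.match(host)
    if m and "known C&C host" not in reasons:
        reasons.append(f"portmap.host forwarding endpoint (port {m.group('port')})")
    return reasons


def scan(log_text):
    """Parse the assumed 4-field log lines and return (client, host, ip, reasons) hits."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line, skip rather than guess
        _ts, client, host, ip = parts
        try:
            ip_address(ip)
        except ValueError:
            continue
        reasons = classify(host, ip)
        if reasons:
            hits.append((client, host, ip, reasons))
    return hits
```

A generic Portmap match identifies a tunnelled endpoint, not malware by itself, so treat it as a pivot for looking at the process and sample behind the connection rather than as a verdict.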

Sample screenshots include:

[campaign screenshots not reproduced here]
Sample VirusTotal Graph regarding the malicious campaign:

[VirusTotal graph image not reproduced here]
Stay tuned!

About Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
