Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive Malware Serving Campaign Abuses Portmap A Web Based Port Forwarding Solution

Tuesday, November 15, 2022

Massive Malware Serving Campaign Abuses Portmap A Web Based Port Forwarding Solution - An Analysis

Dear blog readers,

In this post I've decided to further profile a currently circulating malicious software and njRAT malware dropping campaign that's using a popular port forwarding solution as a C&C server with the idea to provide everyone with the necessary situational awareness and technical details regarding the campaign.

Sample campaign C&C and associated domains analysis:

MD5: d8191eee2d99a00cb664d100ffc73b9c

hxxp://enderop44-36084.portmap.host - 193.161.193.99

URL: hxxp://www.cofo.ga/a/KeyOneA.exe

Botnet C&C: hxxp://cofo.ga - hxxp://52.70.248.161; hxxp://193.161.193.99

Sample screenshots include:

Sample VirusTotal Graph regarding the malicious campaign:

Stay tuned!

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Tuesday, November 15, 2022

Massive Malware Serving Campaign Abuses Portmap A Web Based Port Forwarding Solution - An Analysis

No comments:

Post a Comment