Dear blog readers,
In this post I've decided to further profile a currently circulating malicious software and njRAT malware dropping campaign that's using a popular port forwarding solution as a C&C server with the idea to provide everyone with the necessary situational awareness and technical details regarding the campaign.
Sample campaign C&C and associated domains analysis:
MD5: d8191eee2d99a00cb664d100ffc73b9c
hxxp://enderop44-36084.portmap.host - 193.161.193.99
URL: hxxp://www.cofo.ga/a/KeyOneA.exe
Botnet C&C: hxxp://cofo.ga - hxxp://52.70.248.161; hxxp://193.161.193.99
Sample screenshots include:
Sample VirusTotal Graph regarding the malicious campaign:
Stay tuned!
No comments:
Post a Comment